Dashboard Articles Playground Discussions More
Follow

Possible bug?

n0ne
9 years ago

0

Image
As you can see if I put spaces before the “>” the alert will popup but the solution will be still incomplete. :(
In the second gif example the tag “< /script >” prevents the loading of the right sidebar of the site.
I’m on Firefox 40.0.2

10replies
7voices
267views
1image
dloser
9 years ago

0

You seem to have missed the word exactly.

Walter50
9 years ago

0

Look at the other threas, they are speaking about undeundetectedtected !
Try to see what you can do with this hint ;)

Marksman
9 years ago

0

There are enough hints already and this problem is surprisingly simple.

n0ne
9 years ago

0

Completed! Thank you all :D

Walter50
9 years ago

0

You’re welcome, but it’s just the beginning :(

Darks [Dark-Storm]
9 years ago | edited 9 years ago

0

Hi!

The hint “undeundetected” makes me think that execute the script on a script should be ok. So I tried that, but it does not work. So “exactly” means that only the given source code should be on the textarea?
<script > <script>alert('HackThis!!');</script> </script >
I also tried using BBcode, but not working anymore

Thanks for your help :)

Edit: if i say “encapsuled tags like

f0rk [HackingGuy]
9 years ago

0

Dark-Storm, you’re on the right track but I’m afraid you’ll have to dig deeper.

 

There’s no place like 127.0.0.1

Yuriko
9 years ago

0

@Dark-Storm: You should keep working on that hint.

@dloser: The JS code executed is exactly the same; and I’d rather say that the HTML tag <script> is interpreted, IMHO. And anyway, without talking about semantics, as the space characters are stripped, the code executed is the same. The only reason to not accept this answer is due to how the payload is analyzed.
Personally, I think @n0ne’s solution should be considered as valid, simply because it works.

dloser
9 years ago

1

@Yuriko**: don’t be pedantic; that’s my job. :p If you say that ‘execute’ only applies to actual JavaScript, then the challenge description is wrong (as the tags are not valid JavaScript) and you should throw your hands up in the air and give up. ;)

Darks [Dark-Storm]
9 years ago | edited 9 years ago

0

Ok, thanks for your answers, I’ll try again :)

You must be logged in to reply to this discussion. Login
1 of 11

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss