Managed to get the execution but still can't pass the level?

54754N4
9 years ago | edited 9 years ago

0

Ok, well, after trying quite a few times I managed to get the code written in the DOM exactly as the level requested for it to be executed, using this input: >> <sCriPt>a<script>lert</script>('HackThis!!')</sCriPt> But I still can’t seem to understand what’s needed for me to pass the level =s Any help is really appreciated!

As far as I’ve understood:
- only the ‘script’ tags get filtered (‘h1’ for example doesn’t)
- the filter isn’t case sensitive (since uppercasing a few letters in the tag actually gives us the lowercase tag needed for execution)

dloser
9 years ago

0

Except that you didn’t. Check the source.
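As an added illustration (not code from the thread or from HackThis), the snippet below models the level's filter exactly as the opening post describes it, which is an assumption, and runs the poster's input through it: every tag is stripped, so no script element reaches the page, consistent with the reply above. It also shows the defensive alternative a site would use instead of a tag blacklist, encoding for the HTML text context, which neutralises the ‘h1’ case the poster noticed as well.

```python
import html
import re

# Constructed model of the level's filter, based only on what the thread
# reports: <script> tags are removed, case-insensitively, in one pass.
# This is an assumption for illustration, not HackThis's actual code.
SCRIPT_TAG = re.compile(r"</?script>", re.IGNORECASE)


def blacklist_filter(user_input: str) -> str:
    """Strip every <script> / </script> occurrence, ignoring case."""
    return SCRIPT_TAG.sub("", user_input)


def escape_for_html_text(user_input: str) -> str:
    """The defensive alternative: encode for the HTML text context
    instead of trying to delete dangerous substrings."""
    return html.escape(user_input, quote=True)


def contains_script_element(markup: str) -> bool:
    """What the level grades: does the output contain a real <script>
    element? Browsers match tag names case-insensitively, so normalise
    before checking."""
    return "<script>" in markup.lower()


# The poster's exact input, copied from the thread.
POSTER_INPUT = "<sCriPt>a<script>lert</script>('HackThis!!')</sCriPt>"

if __name__ == "__main__":
    out = blacklist_filter(POSTER_INPUT)
    print(out)                           # alert('HackThis!!'), every tag stripped
    print(contains_script_element(out))  # False
    print(escape_for_html_text(POSTER_INPUT))
    print(blacklist_filter("<h1>still here</h1>"))  # <h1>still here</h1>
```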

54754N4
9 years ago

0

In the result div I get this:

Isn’t it what was asked? =o

54754N4
9 years ago | edited 9 years ago

0

Ok, if we really wanna play on words, in the question ‘Bypass the filter and execute exactly this code:’ I actually have to:
- bypass the filter
- execute EXACTLY the code they asked for and not an alternative
If this is what I need to do then I’m back to square one haha

dloser
9 years ago

0

You are probably not looking at the actual source but a cleaned-up version of it (using devtools of browser?).

And yes, you have to do both, but one is needed for the other (unlike in your attempt).

bolofecal
9 years ago

0

Maybe the result must be in lower case, like the level says, and you submit

54754N4
9 years ago

0

Yes, I’m actually looking at the source using F12 (the browser’s devtools =O). Didn’t know that the browser cleans up the source O.o How can I view the exact source next time if I have to?

And ty for the answer guys, I guess I need to start over and try to find a way to bypass the filter first, and after that I guess I’d be able to input the correct lowercase string then hehe

bolofecal
9 years ago

0

If you look in other threads, the “undetected” hint is the best one for me.

dloser
9 years ago

0

Ctrl-U should probably give you the actual source.

54754N4
9 years ago

0

Ahh, I’ll use Ctrl+U from now on then, thanks a lot!

54754N4
9 years ago

0

And thx for the hint, I’ll try to understand it hehe

