Have you noticed it?
Short speech: Let’s roam Real Level 6.
I noticed that my progress bar had reduced from 94% to 91% this morning so I checked Levels and Medals section. Voilà, have fun! ;)
Wooooooow I’m impatient to have a look at it! Thanks @flabbyrabbit !! :D
Also, did you notice the people in the About section are real? Cool…
Sorry if that sounded stupid.
All your karamas are belong to us.
Don’t post answers on the forums!
Search other forums before making new threads called “help” !
10 years ago
0
And have you noticed that main level 10 is between level 1 and level 2 ? :p
Thank you for real 6 flabby :)
I was thinking that since “This level is not simulated and is reliant on a number of supporting systems.”, maybe one of those systems would be an automated browser that rendered JavaScript, making XSS the way to go. I did find a way to set up a cookie stealer, but there were no cookies caught :(
So with that I’m pretty much back to square one…
print(", ".join([str(x) for x in range(1,100) if not [y for y in range(2, x) if x%y==0]]))
10 years ago
2
@Fireshard there have been some solvers. @dloser has solved it for example, and I’m making progress :)
Morning all :)
There have been 2 people complete the level so far. One being me and the other being @dloser. However the solution has since been tweaked to make it a little more tricky
Have fun
Nicely done, guys! I was thinking XSS as well… But I’m not exactly sure how to do it. I can’t seem to find an XSS vulnerability anywhere. I’ve tried several suggestions from OWASP to get my XSS to be valid, but it didn’t work. I’ve abandoned it for the day, since I really must be working on my diploma paper, but I’ll be back to it asap :)
Happy “hunting!”
Also, @flabbyrabbit , will we get another level discussion forum? :)
10 years ago | edited 10 years ago
0
I can get simple alerts working, cookie stealers kinda, I can even run a small CSRF, but I’m piecing together the bigger puzzle now :) I’m also taking time out for a while ;)
Nice! Now I have something to waste my free time. Thanks @flabbyrabbit!
10 years ago
0
It’s happening again. I am not sure whether it was fixed before or not. But again the numbers are getting incremented as soon as the post is added.
What is causing that to happen is line #204-208 of comments.js:

    var $responses = $('#comments > h2');
    var tmp = $responses.text().replace(/(\d+)+/g, function(match, number) {
        return parseInt(number)+1;
    });
    $responses.text(tmp);

It matches any number in the h2 tag and increases them by one, instead of only the “x responses” part. This increase only happens for the poster, and is only there until the page is reloaded.
I made an issue on github about it, https://github.com/HackThis/hackthis.co.uk/issues/133 :).
Edit: and it should now be fixed.
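The over-broad match described in the post above, next to one way to narrow it. This is an added example, not code from the original post or from the HackThis repository: the heading strings are constructed, `bumpAllNumbers` and `bumpResponseCount` are hypothetical names, and the narrowed pattern is an assumption about one possible fix, not the change actually made for the GitHub issue.

```javascript
// Added example. The real <h2> text is not shown in the thread, so the
// headings below are constructed samples.

// Same replace logic as the quoted comments.js lines, applied to a plain
// string: every run of digits in the heading is incremented.
function bumpAllNumbers(text) {
  return text.replace(/(\d+)+/g, function (match, number) {
    return String(parseInt(number, 10) + 1);
  });
}

// Narrowed version (assumed fix): only a number directly followed by the
// word "response" or "responses" is incremented, and the plural is kept
// consistent with the new count.
function bumpResponseCount(text) {
  return text.replace(/\b(\d+)(\s+)responses?\b/i, function (match, number, gap) {
    var next = parseInt(number, 10) + 1;
    return next + gap + (next === 1 ? 'response' : 'responses');
  });
}

// Constructed headings: a title that itself contains a number.
var samples = [
  'Real Level 6 - 9 responses',
  'Main level 10 - 0 responses',
  'Real Level 6'
];

samples.forEach(function (heading) {
  console.log('original :', heading);
  console.log('all nums :', bumpAllNumbers(heading));
  console.log('narrowed :', bumpResponseCount(heading));
});

// In the page's own code the narrowed function would be used as:
//   $responses.text(bumpResponseCount($responses.text()));
```
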
Real Level 6 discussion thread has been opened. I am closing this thread now. See you in there. ;)