Dashboard Articles Playground Discussions More
Follow

I need help please

someoneisbetter
5 years ago

0

Hello there,

I’m starting to loose my cool, this is so frustrating.

Got it to display by editing input accordigly. Doesn’t work.

Got it to execute the same alert with developer console, doesn’t work.

Is the hidden token attribute of any importance? Find it very difficult to find out what exactly it does.

Can someone please give me some hint :(

11replies
4voices
253views
letalis
5 years ago

0

What have you tried?

If you think you have the correct line, just type it in the box and hit submit. You don’t have to type it in Dev Tools or anywhere else

playerk3tt0
5 years ago

0

It works for me.
You should use only the “Input:” textarea.
If you edit the source code of the input, it won’t change the real site.
You need to use a kind of technique which is very common in web hacking.

playerk3tt0
5 years ago

0

When you have the correct answer, you won’t see any alert, it will only give you points. :)

someoneisbetter
5 years ago

0

When I put

<script>alert(‘HackThis!!’);</script>

into the input field, it prints exactly what we want beneath. Doesn’t work though.

I looked at XSS Cheat Sheet and tried a few, without success so far :/

Any hint?

fred [feuerstein]
5 years ago

0

Re-read the hint. You need exactly…

someoneisbetter
5 years ago

0

I don’t have any hints, do you mean this: “Bypass the filter and execute exactly this code:”

fred [feuerstein]
5 years ago

0

Yes, it has to be exact

someoneisbetter
5 years ago

0

And by executing, it is meant that exactly this code should show up in between the

tags in the source code?

I’m sorry if these questions are dumb, but I really don’t get the exercise, wouldn’t you be completely happy as soon as your code is executed on the site, no matter how exactly you achieved it in the first place? In reality I mean?

someoneisbetter
5 years ago | edited 5 years ago

0

dividing the original tag by inserting another

Does it filter anything else than complete

someoneisbetter
5 years ago

0

Sitting in front of this two days straight now and I’m starting to feel dumb as fuck

playerk3tt0
5 years ago | edited 5 years ago

0

Are you sure about that, you are using the right syntax? :P
Hint:

The End

Discussion thread has been locked. You can no longer add new posts.
1 of 12

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss