Your Turn - or mine?

V4hn · Post by **V4hn** » Mon Oct 06, 2008 12:03 pm

Congratulations, althought it's a pretty nice idea,
whoever made up this challenge, should've known better...

1. XSS-attack - actually just a poc and no attack
=> _don't_ output tainted data but use htmlentities() or whatever

2. RF-attack for spamming the web...
=> you should really cut away parameters, if you provide a 'service' like that...

Post by **adum** » Mon Oct 06, 2008 5:58 pm

thanks for the note -- htmlentites on the output is a good idea in any case.
cheers,
adum

c0mp4ct · Post by **c0mp4ct** » Sun May 22, 2011 9:50 pm

I got a problem with this challenge, it shows:

'pewter scooter ' is incorrect.

but the whitespace isn't there. Here the hexdump:

00000000 70 65 77 74 65 72 20 73 63 6F 6F 74 65 72 0A

Any solution for this?

laz0r · Post by **laz0r** » Mon May 23, 2011 7:47 am

There's a line break at the end (that's what 0x0A is).

CodeX · Post by **CodeX** » Mon May 23, 2011 11:30 am

that is a quite a spoiler

laz0r · Post by **laz0r** » Mon May 23, 2011 12:16 pm

CodeX wrote:that is a quite a spoiler

Whose, mine or c0mp4ct's? The point of the challenge is to host a web page; 'pewter scooter' is given in the challenge text anyway. I identified the error but didn't correct it (I can't anyway, not having access to the relevant server).

CodeX · Post by **CodeX** » Mon May 23, 2011 12:22 pm

oops, my mistake; I misinterpreted it as the password

c0mp4ct · Post by **c0mp4ct** » Mon May 23, 2011 8:08 pm

vi helped me in this case. Learned a lot from this challenge