Your Turn - or mine?
Posted: Mon Oct 06, 2008 12:03 pm
by V4hn
Congratulations; although it's a pretty nice idea, whoever made up this challenge should've known better...
1. XSS attack - actually just a PoC and no attack
=> _don't_ output tainted data, but use htmlentities() or whatever
2. RF attack for spamming the web...
=> you should really cut away parameters if you provide a 'service' like that...
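Both points in the post above are output/input handling on the server. The following is an added example, not code from the thread or from the challenge site, written in Python rather than the PHP the post refers to: `html.escape()` plays the role of `htmlentities()`, and `strip_parameters()` is this editor's reading of "cut away parameters" (drop the query string and fragment of a caller-supplied URL before a fetch-style service uses it). The tainted input and the URL are constructed samples.

```python
import html
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of "tainted" data: a request parameter a visitor controls.
TAINTED_NAME = '<script>alert(1)</script>'
# Constructed sample URL handed to a hypothetical "fetch this page" service.
SUBMITTED_URL = "http://example.com/page.php?spam=1&x=<b>#frag"


def render_greeting_unsafe(name: str) -> str:
    """The pattern the post complains about: tainted data copied straight
    into the HTML response, so markup in it is parsed by the browser."""
    return "<p>Hello, " + name + "</p>"


def render_greeting(name: str) -> str:
    """Hardened version: escape untrusted text for an HTML text context.
    html.escape() is the Python analogue of PHP's htmlentities(): &, <, >
    and (with quote=True) both quote characters become entities, so the
    browser displays the text instead of interpreting it as markup."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def strip_parameters(url: str) -> str:
    """Keep only scheme, host and path of a caller-supplied URL, discarding
    the query string and fragment. This is one reading of the post's
    'cut away parameters' advice (assumption, not the site's own code)."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))


def contains_raw_markup(rendered: str, tainted: str) -> bool:
    """Check used to demonstrate the difference: does the tainted string
    survive verbatim in the rendered page?"""
    return tainted in rendered


if __name__ == "__main__":
    print(render_greeting_unsafe(TAINTED_NAME))   # script tag reaches the browser
    print(render_greeting(TAINTED_NAME))          # entities only
    print(strip_parameters(SUBMITTED_URL))        # http://example.com/page.php
```

Escaping belongs at the point of output, in the context where the data lands (HTML text here); escaping once at input time is not enough because the same value may later be placed in an attribute, a URL or a script block that needs different encoding.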
Posted: Mon Oct 06, 2008 5:58 pm
by adum
thanks for the note -- htmlentities on the output is a good idea in any case.
cheers,
adum
Posted: Sun May 22, 2011 9:50 pm
by c0mp4ct
I got a problem with this challenge, it shows:
'pewter scooter ' is incorrect.
but the whitespace isn't there. Here the hexdump:
00000000 70 65 77 74 65 72 20 73 63 6F 6F 74 65 72 0A
Any solution for this?
Posted: Mon May 23, 2011 7:47 am
by laz0r
There's a line break at the end (that's what 0x0A is).
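The diagnosis above is exactly what a hexdump is for: the trailing `0A` byte is a line feed that a text viewer does not show but a byte-for-byte comparison does see. As an added illustration, not part of the thread, the following Python parses the hexdump line c0mp4ct posted (reproduced here as the sample input), names the invisible trailing bytes, and shows the comparison failing on the raw bytes and succeeding once trailing line endings are stripped. The function names are this editor's own.

```python
# The hexdump line from the post, used here as constructed sample input
# (offset column followed by the bytes in hex).
HEXDUMP_LINE = "00000000 70 65 77 74 65 72 20 73 63 6F 6F 74 65 72 0A"
EXPECTED = "pewter scooter"

# Control/whitespace bytes that commonly hide at the end of a file.
BYTE_NAMES = {0x0A: "LF (\\n)", 0x0D: "CR (\\r)", 0x09: "TAB", 0x20: "SPACE"}


def bytes_from_hexdump(line: str) -> bytes:
    """Parse one hexdump line: drop the offset column, join the hex pairs."""
    fields = line.split()[1:]
    return bytes.fromhex("".join(fields))


def trailing_invisible_bytes(data: bytes) -> bytes:
    """Return the whitespace/line-ending bytes at the end of the data,
    i.e. the part a plain text viewer will not render."""
    stripped = data.rstrip(b"\r\n\t ")
    return data[len(stripped):]


def describe_tail(data: bytes) -> list:
    """Human-readable names for each invisible trailing byte."""
    return [f"0x{b:02X} {BYTE_NAMES.get(b, '?')}" for b in trailing_invisible_bytes(data)]


def normalized_answer(data: bytes) -> str:
    """Decode and remove trailing line endings before comparing."""
    return data.decode("utf-8").rstrip("\r\n")


def check_answer(data: bytes, expected: str = EXPECTED) -> tuple:
    """(matches as raw text, matches after stripping trailing line endings)."""
    raw = data.decode("utf-8")
    return raw == expected, normalized_answer(data) == expected


if __name__ == "__main__":
    data = bytes_from_hexdump(HEXDUMP_LINE)
    print(repr(data))            # b'pewter scooter\n'
    print(describe_tail(data))   # ['0x0A LF (\\n)']
    print(check_answer(data))    # (False, True)
```

Most editors append a newline when saving; `vi` among others can be told not to, or the file can be written from a program that omits it, which is the practical fix when the checker compares bytes exactly.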
Posted: Mon May 23, 2011 11:30 am
by CodeX
that is quite a spoiler
Posted: Mon May 23, 2011 12:16 pm
by laz0r
CodeX wrote: that is quite a spoiler
Whose, mine or c0mp4ct's? The point of the challenge is to host a web page; 'pewter scooter' is given in the challenge text anyway. I identified the error but didn't correct it (I can't anyway, not having access to the relevant server).
Posted: Mon May 23, 2011 12:22 pm
by CodeX
oops, my mistake; I misinterpreted it as the password
Posted: Mon May 23, 2011 8:08 pm
by c0mp4ct
vi helped me in this case. Learned a lot from this challenge