
basic 28


ghost's Avatar
0 0

Hm… hi everybody! I have no clue how to pass basic 28. I'm trying something like Form Post Hijacking XSS and it's not working at all. Am I on the right track?


ynori7's Avatar
Future Emperor of Earth
0 0

It does involve xss, but you need to use a few special characters. What you're looking for is a 4 letter acronym. If you can figure out what it is and google it, it shouldn't be too tough to find the answer.


clone4's Avatar
Perl-6 Wisdom Seeker
0 0

ynori7 wrote: It does involve xss, but you need to use a few special characters. What you're looking for is a 4 letter acronym. If you can figure out what it is and google it, it shouldn't be too tough to find the answer.

It's so not xss! You can try google email form injections, and similar, and if that isn't successful gimme a pm


ynori7's Avatar
Future Emperor of Earth
0 0

clone4 wrote: It's so not xss! You can try google email form injections, and similar, and if that isn't successful gimme a pm

Maybe I just don't know the right name for it, but I did it the same way I would do an xss anyway.


ghost's Avatar
0 0

ynori7 wrote:

Maybe I just don't know the right name for it, but I did it the same way I would do an xss anyway.

Copy and paste?


ghost's Avatar
0 0

That sounds overly sarcastic, but it was intended as a joke. :|


ghost's Avatar
0 0

I think I have the answer… but I can't seem to get the proper syntax for the exploit??? May I pm someone who has already done this so that I can show what I've got? It's been a very long time since I've been back to this site and I'm just trying the new challenges. Thanks


clone4's Avatar
Perl-6 Wisdom Seeker
0 0

LordChiron wrote: I think I have the answer… but I can't seem to get the proper syntax for the exploit??? May I pm someone who has already done this so that I can show what I've got? It's been a very long time since I've been back to this site and I'm just trying the new challenges. Thanks

Yeah sure, hit me up. Include what you've tried pls!


ghost's Avatar
0 0

You can pm me as well…


ghost's Avatar
0 0

Very nice tutorial… well explained, thank you!


ghost's Avatar
0 0

It will help you on solving the chall…


ghost's Avatar
0 0

I have a question: I'm on a public library computer that has every restriction possible, but I've managed to bypass their security to be able to visit blocked websites… they only have IE for a browser and I can't download any other browser like FF. Can this challenge still be done with IE? I can't get Tamper.


ghost's Avatar
0 0

Should have used google for that info… didn't think anyone but FF had that utility… sorry. Unfortunately the library has a restriction on running programs not already on the system, so I can't run it or even save it… unless I save it to a cd… hmmm, might try that


ghost's Avatar
0 0

Can I PM someone for a hint or a push to the right direction? I got the basic idea what I want to do and some idea how to do it, but I'm doing something wrong here.


clone4's Avatar
Perl-6 Wisdom Seeker
0 0

erm4c wrote: Can I PM someone for a hint or a push to the right direction? I got the basic idea what I want to do and some idea how to do it, but I'm doing something wrong here.

Yeah sure, why not :)


ghost's Avatar
0 0

Feel free to pm someone…


ghost's Avatar
0 0

Got it. Thanks to clone4 and CypherHell for the help.


ghost's Avatar
0 0

I know I have to change the 'POST' using T***** D*** but I'm not sure what field and what to put in… does it require encoding?


ghost's Avatar
0 0

It's been a while since I completed this challenge, so I'm not sure about what you're doing. Anyway, you can pm me and I'll try to help you.


ghost's Avatar
0 0

It's really quite simple, you should be able to get it if you look at the video Cyph3rHell posted.


ghost's Avatar
0 0

Yeah, I looked at the video. The things I'm trying are simple stuff but I think they might be too simple :P


ghost's Avatar
0 0

OK, PM me, and tell me what you have tried.


ghost's Avatar
0 0

Can I pm someone about this challenge? Because I'm getting nowhere. I have looked at cyph3rhell's video but no cigar. All I need is a gentle nudge or a brick round my head lol. Any help would be great.


elmiguel's Avatar
Member
2,795 1

Well, I know of two ways of doing this challenge. Before I hint on those two methods I will state the most important part of this challenge. When you send any data over the internet, whether it be email or whatnot, it sends your information as a request. Hmm, how are requests read? What ends a request line? After you get that little riddle you should get it in like 2 secs.

Method 1: Use the knowledge you find from the previous hint and find out how to insert it like you would for BB code. Proper usage is important.

Method 2: As previously stated, T***** D***. But when you use this you just need to focus on intercepting the "email". Also, if you read up on how email injections work, plus knowing how requests work, you will know how to inject this email.
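
The following is an added example, not part of the original thread or of the challenge's code: it shows, from the side of the developer of a contact form, why header-bound fields must be checked for line terminators before an email is built. The function names, the sample address and the `X-Injected` header are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Constructed sample inputs for the "from" field of a contact form.
CLEAN = "visitor@example.test"
TAINTED = "visitor@example.test\r\nX-Injected: 1"


def naive_message(sender: str, subject: str, body: str) -> str:
    """Vulnerable pattern: form fields pasted straight into the header block."""
    return f"From: {sender}\r\nSubject: {subject}\r\n\r\n{body}"


def header_names(raw: str) -> list:
    """Parse a raw message and return the header names a mail server would see."""
    return list(message_from_string(raw).keys())


def has_control_chars(value: str) -> bool:
    """True if the value contains CR, LF or any other control character."""
    return any(ord(ch) < 32 or ord(ch) == 127 for ch in value)


def safe_message(sender: str, subject: str, body: str) -> EmailMessage:
    """Hardened pattern: reject header-bound fields with control characters."""
    for name, value in (("sender", sender), ("subject", subject)):
        if has_control_chars(value):
            raise ValueError(f"control character in {name} field")
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = subject
    msg.set_content(body)  # the body may legitimately contain newlines
    return msg


if __name__ == "__main__":
    print(header_names(naive_message(CLEAN, "hi", "text")))
    print(header_names(naive_message(TAINTED, "hi", "text")))
    try:
        safe_message(TAINTED, "hi", "text")
    except ValueError as exc:
        print("rejected:", exc)
```

The check runs on the decoded field values, after the web framework has already undone any URL encoding, so an encoded line terminator is caught the same way as a raw one.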


ghost's Avatar
0 0

elmiguel wrote: Method 1: Use the knowledge you find from the previous hint and find out how to insert it like you would for BB code. Proper usage is important.

Method 2: As previously stated, T***** D***. But when you use this you just need to focus on intercepting the "email". Also, if you read up on how email injections work, plus knowing how requests work, you will know how to inject this email.

Or alternatively, write a one line php script; or whatever other language you prefer.