Basic 26

I think i am doing it right. I write the "code" and then a window pops out , but i am not getting any points. I will be very happy if i can pm someone with what i am doing.

Sure, you can PM me :)

do you mind me pm'ing you too :P?

Same here, the alert pops up, but no points received.

i dont even know anything about this window :S

I have to simplify my injection somehow….:(

you can pm me if u like

I don't know if you were talking to me or djdotti, but i pm'ed Uber and he told me i need to find a way to simplify it. I'm just trying to think how i can do this.

to anyone who needs help lol.

I could you some.

Yes nights_shadow think on what Uber has said to you. I think you are making the same mistake like i was doing because he said me the same thing ;)

Okay ,, i need help i couldn't get whatever you guys are talking about :angry:

i read about xss and bbcode exploits/injection

i got some sample codes but it doesn't work the BBcode that "doesn't work":right:

what exactly should i learn here .. (xss/css) , JS ?!

and could you point me to articles or websites that would teach me how the exploit work

Oh and another thing to be sure about .. is IE7 blocking this kind of (exploit/code) :right:

thanks

This will greatly help you;): http://www.hellboundhackers.org/articles/748-CSS-XSS.html

flame_1221 wrote: This will greatly help you;): http://www.hellboundhackers.org/articles/748-CSS-XSS.html

uhh ,, what if i have no experience at all in css-xss

i don't seem to get it !

i did something that viewed the right list of HBH where it says:

you have xxx points -My Profile-

avatar

Edit Profile Private Messages Logout

i viewed all that list in the test thread table ..

honestly i have no idea what i am doing :whoa:

But i want to B)

Thanks

You can PM me:)

flame_1221 wrote: You can PM me:)

PM Sent :happy:

Hi! i was able to display a centered, red, bold 'TEST' string on the table with a pop-up alert containing the session cookie on load but after closing it, nothing happens… any tips on what step i'm still missing? Thanks.

I found one that worked on FF too. Why the hell only the IE one is accepted?

I do it in ff and had found several that makes pop up in IE but did not accepted in the challenge:p

quangntenemy wrote: I found one that worked on FF too. Why the hell only the IE one is accepted? Because this challenge isn't focused on ALL the known XSS vectors but just on one that works only on MS IE

There is an article on HBH that basicly gives you the challenge. This artile is also posted in another thread on this same mission.