Yourself PHP (PHP, Exploit, XSS)
Yourself PHP
Your mission is to inject <script>alert(1);</script> into this script, and make it popup a javascript alert.
The checkit() function tests your injected string for a few static solutions.
Please try to use as less characters as possible and inject the exact same string as above.
Note: This challenge is simulated, and does only check for a few static solutions.
The real XSS flaw got silently fixed, because of security concerns. Thanks noother!
So even if you inject the right code, it will not execute anymore.
The checkit() function tests your injected string for a few static solutions.
Please try to use as less characters as possible and inject the exact same string as above.
Note: This challenge is simulated, and does only check for a few static solutions.
The real XSS flaw got silently fixed, because of security concerns. Thanks noother!
So even if you inject the right code, it will not execute anymore.
GeSHi`ed php code for index.php
1 2 3 4 56 7 8 9 1011 12 13 14 1516 17 18 19 2021 22 23 24 2526 27 28 29 3031 32 33 34 3536 37 38 39 4041 42 43 44 4546 47 48 49 5051 52 53 54 | <?php require 'checkit.php'; # required to check your solution/injection chdir('../../'); # chroot to web root define('GWF_PAGE_TITLE', 'Yourself PHP'); # Wrapper hackrequire_once('challenge/html_head.php'); # output start of website # Get the challenge if (false === ($chall = WC_Challenge::getByTitle('Yourself PHP'))) { $chall = WC_Challenge::dummyChallenge('Yourself PHP', 4, 'challenge/yourself_php/index.php', false);} # And display the header $chall->showHeader(); # Show mission box (translated)echo GWF_Box::box($chall->lang('mission_i', array('index.php?highlight=christmas')), $chall->lang('mission_t')); # Check your injection and fix the hole by silently applying htmlsepcialchars to the vuln input. if (phpself_checkit()) { $chall->onChallengeSolved(GWF_Session::getUserID()); } # Show this file as highlighted sourcecode, if desired if ('christmas' === Common::getGetString('highlight')){ $msg = file_get_contents('challenge/yourself_php/index.php'); $msg = '['.'code=php title=index.php]'.$msg.'['.'/code]'; echo GWF_Box::box(GWF_Message::display($msg)); } # __This is the challenge: if (isset($_POST['username'])){ echo GWF_Box::box(sprintf("Well done %s, you entered your username. But this is <b>not</b> what you need to do.", htmlspecialchars(Common::getPostString('username')))); } echo '<div class="box box_c">'.PHP_EOL; echo sprintf('<form action="%s" method="post">', $_SERVER['PHP_SELF']).PHP_EOL;echo sprintf('<div>%s</div>', GWF_CSRF::hiddenForm('phpself')).PHP_EOL; echo sprintf('<div>Username:<input type="text" name="username" value="" /></div>').PHP_EOL; echo sprintf('<div><input type="submit" name="deadcode" value="Submit" /></div>').PHP_EOL; echo sprintf('</form>').PHP_EOL; echo '</div>'.PHP_EOL;# __End of challenge # Print Challenge Footerecho $chall->copyrightFooter(); # Print end of website require_once('challenge/html_foot.php'); ?> |