cure53 / xsschallengewiki Goto Github PK

14: <SCRIPT/ASYNC/SRC="/〳⒛₨">
9: <ſcript/ſrc=//⒕₨></ſcript>
4: //prompt.ml%2f@⒕₨

what do the 14/20.Rs stand for , If they are url to pages what script should they contain for the respective challenges?

I tried to replay solution 8 on prompt.ml with latest chrome, firefox and safari. Did not reproduce the prompt(1) output.

Can you please review it?

The Older-Challenges-and-Write-Ups page has links to write-ups for some of the older challenges. However, I think it would be nice to get the write-ups in the same wiki format, so maybe we could port the older write-ups (while of course linking to them etc).

Another benefit of this is that the techniques doesn't go lost if the respective write-up is taken offline. I didn't want to start porting before I got you other people's opinion. What do you guys think?

I think we are close to be ready. If you think so too please comment real quick with a "+1" or "-1". Thanks!

I think it could be better if we can add it on every write-up, as some people may just want to solve it themselves first (I mean, the challenge link is inside the write-up).

I'm not familiar with Github wiki, but I think the ideal way to do it is to place a prompt message to make sure if one really wants to read the write-up, if not feasible we can just put up a header section.

Thoughts?

https://github.com/cure53/xss-challenge-wiki/wiki/prompt.ml/_compare/8e398ad0d36deb9eba95355f07e1a1444324202a...6fca4e9a6e6b8fa69742a28db6ed0478516e98d9

It seems some changes were reverted. Is that a mistake?

in $events array at:
https://github.com/cure53/XSSChallengeWiki/wiki/XSSMas-Challenge-2015
there is incorrect event name:

	    'oppopstate',

instead of the correct event name:

	    'onpopstate',

https://developer.mozilla.org/en-US/docs/Web/API/WindowEventHandlers/onpopstate

I think we need to create a custom menu or sidebar for puzzles/challenges made by the same author, like kcal.pw, etc. in order to have an organized list.
What do you think?

There were some new levels added to prompt.ml, writeups need to be added for them.

"><svg t=#"onload="prompt(1) works at least on Firefox

The solution for challenge: http://prompt.ml/4 as provided on https://github.com/cure53/XSSChallengeWiki/wiki/prompt.ml#level-4 isn't working.

I want to use Sourcegraph for xss-challenge-wiki code search, browsing, and usage examples. Can an admin enable Sourcegraph for this repository? Just go to https://sourcegraph.com/github.com/cure53/xss-challenge-wiki. (It should only take 30 seconds.)

Thank you!

In Level-8, the writeup themes doesn't work.

my local test is down below:

1. this works well

<script>
    //  console.log("
        alert(1)<!--");
    </script>

1. this doesn't work.

<script>
    //  console.log("
        alert(1)-->");
    </script>

and I can't bypass the Line Break(with [U+2028]), anyone can help?