Commit bafe578

committed

Switch to caloogle.xyz

1 parent 376ec2e commit bafe578Copy full SHA for bafe578

File tree

16 files changed

+16

-16

lines changed

exercises
- 01
  - problem.md
- 02
  - problem.md
- 03
  - problem.md
- 04
  - problem.md
- 05
  - problem.md
- 06
  - problem.md
- 07
  - problem.md
- 08
  - problem.md
- 10
  - problem.md
- 11
  - problem.md
- 12
  - problem.md
- 14
  - problem.md
- 15
  - problem.md
- 16
  - problem.md
- 17
  - problem.md
server
- index.js

16 files changed

+16

-16

lines changed

`‎exercises/01/problem.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ You decide to check out their website and look for a Reflected XSS vulnerability`
`12`	`12`
`13`	`13`	Find a way to inject a `<script>` tag into your competitor's site. Once you find a way to execute code on their site, you should call the `success()` function. If you've done it correctly, you should see a browser alert telling you that you succeeded.
`14`	`14`
`15`		`-<iframe src='http://localhost:4010'></iframe>`
	`15`	`+<iframe src='http://caloogle.xyz:4010'></iframe>`
`16`	`16`
`17`	`17`	`Since this is a Reflected XSS attack, take note of the fact that the URL of the victim site contains a URL-encoded version of your "attack input".`
`18`	`18`

`‎exercises/02/problem.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,6 @@ router.get('/search', async (req, res) => {`
`20`	`20`
`21`	`21`	You should be able to make a small change to your "attack input" from the last exercise and your Reflected XSS attack should continue to work against their users. Unleash more `<script>` pwnage!
`22`	`22`
`23`		`-<iframe src='http://localhost:4020'></iframe>`
	`23`	`+<iframe src='http://caloogle.xyz:4020'></iframe>`
`24`	`24`
`25`	`25`	Before you move on to the next exercise, remember to copy your "attack input" into the `SOLUTIONS.md` file.

`‎exercises/03/problem.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,6 @@ router.get('/search', async (req, res) => {`
`18`	`18`
`19`	`19`	Can you think of a way to defeat their improved sanitization code and get your `<script>` tag into the page using the search input field?
`20`	`20`
`21`		`-<iframe src='http://localhost:4030'></iframe>`
	`21`	`+<iframe src='http://caloogle.xyz:4030'></iframe>`
`22`	`22`
`23`	`23`	Before you move on to the next exercise, remember to copy your "attack input" into the `SOLUTIONS.md` file.

`‎exercises/04/problem.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,6 @@ router.get('/search', async (req, res) => {`
`22`	`22`
`23`	`23`	Can you think of a way to defeat their improved sanitization code and get your `<script>` tag into the page using the search input field?
`24`	`24`
`25`		`-<iframe src='http://localhost:4040'></iframe>`
	`25`	`+<iframe src='http://caloogle.xyz:4040'></iframe>`
`26`	`26`
`27`	`27`	Before you move on to the next exercise, remember to copy your "attack input" into the `SOLUTIONS.md` file.

`‎exercises/05/problem.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,6 @@ router.get('/search', async (req, res) => {`
`20`	`20`
`21`	`21`	Can you think of a way to defeat their improved sanitization code and get your `<script>` tag into the page using the search input field?
`22`	`22`
`23`		`-<iframe src='http://localhost:4050'></iframe>`
	`23`	`+<iframe src='http://caloogle.xyz:4050'></iframe>`
`24`	`24`
`25`	`25`	Before you move on to the next exercise, remember to copy your "attack input" into the `SOLUTIONS.md` file.

`‎exercises/06/problem.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,6 @@ router.get('/search', async (req, res) => {`
`22`	`22`
`23`	`23`	Find the XSS vulnerability in the search input field. You should not use a `<script>` tag in this attack.
`24`	`24`
`25`		`-<iframe src='http://localhost:4060'></iframe>`
	`25`	`+<iframe src='http://caloogle.xyz:4060'></iframe>`
`26`	`26`
`27`	`27`	Before you move on to the next exercise, remember to copy your "attack input" into the `SOLUTIONS.md` file.

`‎exercises/07/problem.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,6 @@ router.get('/search', async (req, res) => {`
`22`	`22`
`23`	`23`	Find the XSS vulnerability in the search input field. You should not use a `<script>` tag in this attack.
`24`	`24`
`25`		`-<iframe src='http://localhost:4070'></iframe>`
	`25`	`+<iframe src='http://caloogle.xyz:4070'></iframe>`
`26`	`26`
`27`	`27`	Before you move on to the next exercise, remember to copy your "attack input" into the `SOLUTIONS.md` file.

`‎exercises/08/problem.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,6 @@ Note: Do not attempt to look at the server's server-side source code to see`
`20`	`20`
`21`	`21`	Try submitting various inputs and then look at the HTML source of the `<iframe>` to figure out what their sanitization code must be doing.
`22`	`22`
`23`		`-<iframe src='http://localhost:4080'></iframe>`
	`23`	`+<iframe src='http://caloogle.xyz:4080'></iframe>`
`24`	`24`
`25`	`25`	Before you move on to the next exercise, remember to copy your "attack input" as well as your server code into the `SOLUTIONS.md` file.

`‎exercises/10/problem.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,6 @@ But upon closer inspection, it appears that they're not using the function corre`
`18`	`18`
`19`	`19`	Try submitting various inputs and then look at the HTML source of the `<iframe>` to figure out what their sanitization code must be doing.
`20`	`20`
`21`		`-<iframe src='http://localhost:4100'></iframe>`
	`21`	`+<iframe src='http://caloogle.xyz:4100'></iframe>`
`22`	`22`
`23`	`23`	Before you move on to the next exercise, remember to copy your "attack input" as well as your server code into the `SOLUTIONS.md` file.

`‎exercises/11/problem.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,6 @@ But, in their haste, they seem to have forgotten to think of all the cases... to`
`12`	`12`
`13`	`13`	`1. Write out the code that you believe the server must be executing to process the input.`
`14`	`14`
`15`		`-<iframe src='http://localhost:4110'></iframe>`
	`15`	`+<iframe src='http://caloogle.xyz:4110'></iframe>`
`16`	`16`
`17`	`17`	Before you move on to the next exercise, remember to copy your "attack input" as well as your server code into the `SOLUTIONS.md` file.

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit bafe578

File tree

16 files changed

16 files changed

`‎exercises/01/problem.md‎`

`‎exercises/02/problem.md‎`

`‎exercises/03/problem.md‎`

`‎exercises/04/problem.md‎`

`‎exercises/05/problem.md‎`

`‎exercises/06/problem.md‎`

`‎exercises/07/problem.md‎`

`‎exercises/08/problem.md‎`

`‎exercises/10/problem.md‎`

`‎exercises/11/problem.md‎`

0 commit comments