Follow us on Twitter!
I'd prefer to die standing, than to live on my knees - Che Guevara
Thursday, May 26, 2016
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 18
Guests Online: 18
Members Online: 0

Registered Members: 93840
Newest Member: silentshit
Latest Articles
View Thread

HellBound Hackers | Challenges | Javascript

Author

JS 4

Numlock91
Member



Posts: 4
Location:
Joined: 07.08.13
Rank:
Mad User
Posted on 11-08-13 20:47
I'be used firebug to change the get i then made the button to display the cookie. I'm not sure if i'm displaying the correct cookie could someone point me in the right direction..?
Author

RE: JS 4

rex_mundi
☆ Lucifer ☆



Posts: 1961
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 11-08-13 21:27
You don't need to use firebug or anything else, GET variables are displayed in the browser's address bar.

You're not looking for a specific cookie either, just a generic alert will do.
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
Author

RE: JS 4

appas
Member

Your avatar

Posts: 6
Location:
Joined: 19.04.15
Rank:
Wiseman
Posted on 29-04-15 22:30
I don't understand. I can view cookies with Developer Tools (Vivaldi browser), but what am I supposed to do with the cookie and the button? What do you mean by "a basic alert"?
http://matiaswilkman.blogspot.com
Author

RE: JS 4

MrCyph3r
npm ERR!



Posts: 783
Location:
Joined: 09.08.14
Rank:
God
Posted on 29-04-15 22:59
The button is used to send a GET request (named 'submit') to index.php.
A basic alert is something like this:

Code
<script>alert('Hello World');</script>




You need to take advantage of this to make it alert the hidden cookie.
Author

RE: JS 4

appas
Member

Your avatar

Posts: 6
Location:
Joined: 19.04.15
Rank:
Wiseman
Posted on 30-04-15 15:37
Ok, I think I'm on the right path but not quite there. How am I supposed to use the GET parameter?
If I write .......Spoiler removed......... in the Javascript console, I just get an empty alert box. In Developer Tools, I can see the site cookie (with fields beginning fusion_ and a PHP session ID). But I think there is another cookie (the "hidden cookie"Wink

Edited by rex_mundi on 30-04-15 22:32
http://matiaswilkman.blogspot.com
Author

RE: JS 4

rex_mundi
☆ Lucifer ☆



Posts: 1961
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 30-04-15 22:34
The way you exploit the GET is thought the url, don't use firefox or anything else, type in in the address bar.
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
Author

RE: JS 4

Huitzilopochtli
Member



Posts: 1394
Location:
Joined: 19.02.13
Rank:
God
Posted on 01-05-15 01:07
What you used in the consol would normally be accepted, but this challenge is hardcoded to only accept the answer via the url, and was made long before you needed to use add ons for the js.