HC's Capture the Flag website
CTF Contests
25C3-CTF

25C3-CTF final results

Advisory #63

From team 61xor42

New advisory by : lwi
Affected service(s): cgibas
Severity [lmh] : low

===== Problem =====
XSS bug

http://10.72.1.3/cgi/index.bas?inc=download.bas&gimme=%3Cu%3E70%3C/u%3E for example

===== Impact =====

Steal cookies, rape people etc.

===== Fix =====

Replace < with &lt; and > with &gt;


Rating

[0] (1) no more XSS for cgibas, please (2) more elaborated fixes, plz
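
Added example (not part of the advisory or of the cgibas service): the fix as stated in the advisory next to a fuller output encoder, run on the `gimme` value from the advisory URL. The two templates and the quoted sample value are assumptions, since the page does not show how cgibas reflects the parameter.

```python
# Added example: output encoding for the reflected `gimme` parameter.
from urllib.parse import parse_qs, urlsplit

# Order matters: '&' first, otherwise the '&' of '&lt;' gets re-encoded.
_ESCAPES = (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
            ('"', "&quot;"), ("'", "&#x27;"))


def advisory_fix(value: str) -> str:
    """The fix exactly as the advisory states it: only '<' and '>'."""
    return value.replace("<", "&lt;").replace(">", "&gt;")


def html_escape(value: str) -> str:
    """Encode every character significant in HTML text or a quoted attribute."""
    for raw, entity in _ESCAPES:
        value = value.replace(raw, entity)
    return value


def gimme_from_url(url: str) -> str:
    """Decode the `gimme` query parameter the way a CGI layer would."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("gimme", [""])[0]


def render_text(value: str, encode) -> str:
    # Hypothetical template: value reflected as element content.
    return "<p>File: " + encode(value) + "</p>"


def render_attr(value: str, encode) -> str:
    # Hypothetical template: value reflected inside a quoted attribute.
    return '<input name="gimme" value="' + encode(value) + '">'


# URL from the advisory, plus a constructed value containing a double quote.
ADVISORY_URL = "http://10.72.1.3/cgi/index.bas?inc=download.bas&gimme=%3Cu%3E70%3C/u%3E"
QUOTED_VALUE = '70" title="injected'  # constructed sample, no markup or script

if __name__ == "__main__":
    v = gimme_from_url(ADVISORY_URL)
    print(render_text(v, str))                      # unencoded: <u> is live markup
    print(render_text(v, advisory_fix))             # tags neutralised
    print(render_attr(QUOTED_VALUE, advisory_fix))  # quote still closes the attribute
    print(render_attr(QUOTED_VALUE, html_escape))   # value stays inside value="..."
```

Replacing only < and > is enough when the value lands in element content; once it lands inside a quoted attribute, the quote characters have to be encoded as well.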
