Web - Client | XSS - DOM Based [Potentially broken]
Hello,
It appears that there was a slight modification in how the "toString" method behaves in Firefox and Chrome. This broke the "XSS - DOM Based" challenge.
The application would normally check for the following condition before calling the "rng.try" method: `rng.data.callbacks.lose.toString().length == 205 && rng.try.toString().length == 315`. However, if you manually execute `rng.data.callbacks.lose.toString().length` in Chrome's or Firefox's console (latest versions), the return value is 204 instead of 205; the same goes for `rng.try.toString().length`, which is 314 instead of 315.
This prevents the challenge from working as intended, since the above condition is essential for the game to work properly. Even if you supply a benign nickname, you won't get any answer back (try.youlost will not be executed).
I hope this gets fixed soon by changing (205, 315) to (204, 314).
I also messaged Th1b4ud about it, but I guess he prefers forum threads instead of direct messages.
Best regards,
hfz.
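To show why a gate built on exact `toString().length` values drifts across browser versions, here is an added example (not the challenge's own code) that models the check quoted above next to a whitespace-tolerant variant; it assumes the one-character difference between engines is whitespace in how the function source is serialised.

```javascript
// Added example, not code from the challenge. Models the gate the post quotes
// (hard-coded toString().length values) beside a variant that compares the
// normalised source text instead of its length.
// Assumption: the one-character drift between browser versions is whitespace
// in how Function.prototype.toString serialises the function.

// Constructed stand-ins for the serialised callbacks (the real ones are 205/315 chars).
const LOSE_SRC_OLD = "function (nick) { alert('you lost, ' + nick); }";
const TRY_SRC_OLD = "function (nick) { return this.data.callbacks.lose(nick); }";
// The same functions as a newer engine might print them: one space fewer.
const LOSE_SRC_NEW = "function(nick) { alert('you lost, ' + nick); }";
const TRY_SRC_NEW = "function(nick) { return this.data.callbacks.lose(nick); }";

// Fragile gate: the serialised length must equal a constant fixed at authoring time.
function lengthGate(loseSrc, trySrc, loseLen, tryLen) {
  return loseSrc.length === loseLen && trySrc.length === tryLen;
}

// Tolerant gate: drop whitespace and compare the text itself. Whitespace-only
// edits are deliberately not detected; any change to tokens still is.
function normalise(src) {
  return src.replace(/\s+/g, "");
}
function sourceGate(loseSrc, trySrc, loseRef, tryRef) {
  return normalise(loseSrc) === normalise(loseRef) && normalise(trySrc) === normalise(tryRef);
}

// Run both gates against live objects, as the challenge does with rng.
function runGates(rng, ref) {
  const loseSrc = rng.data.callbacks.lose.toString();
  const trySrc = rng.try.toString();
  return {
    byLength: lengthGate(loseSrc, trySrc, ref.loseLen, ref.tryLen),
    bySource: sourceGate(loseSrc, trySrc, ref.loseSrc, ref.trySrc),
  };
}

// Constructed rng whose functions are written exactly as LOSE_SRC_OLD / TRY_SRC_OLD;
// an ES2019 engine returns that source text verbatim from toString().
const rngOldEngine = {
  data: { callbacks: { lose: function (nick) { alert('you lost, ' + nick); } } },
  try: function (nick) { return this.data.callbacks.lose(nick); },
};
// Simulated newer engine: same functions, serialised with one space fewer.
const rngNewEngine = {
  data: { callbacks: { lose: { toString: () => LOSE_SRC_NEW } } },
  try: { toString: () => TRY_SRC_NEW },
};
const REF = { loseLen: LOSE_SRC_OLD.length, tryLen: TRY_SRC_OLD.length,
              loseSrc: LOSE_SRC_OLD, trySrc: TRY_SRC_OLD };
```

With `REF` fixed on the older serialisation, `runGates(rngOldEngine, REF)` passes both gates while `runGates(rngNewEngine, REF)` fails only the length gate, which is the breakage described in the post.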
Web - Client | XSS - DOM Based [Potentially broken]
I ended up solving the challenge; I suppose that the bot has an older version of whatever headless browser it's using. But still, it's easy to go down rabbit holes and blame one's payload for not working properly while the application is the problem. (The payload that worked against the bot didn't work on my side because I have a newer version of the browser.)
Cheers.