Web - Client

Wednesday 28 October 2020, 12:53  #1
CSP Bypass - Inline code
cukima
  • 2 posts

Hello,

What is the ’FLAG’ that we need to get? Is it a cookie or something else? I found a way to bypass the filter; however, I am not sure what value we need to get to validate this challenge.

I can share a screenshot of my progress if needed.

Thank you for your help :)

Wednesday 28 October 2020, 18:23  #2
CSP Bypass - Inline code
tuxlu
  • 2 posts

It’s written "Flag redacted", so I guess the flag is written where "{FLAG_REDACTED}" is (but only visible to the bot).

Thursday 29 October 2020, 12:30  #3
CSP Bypass - Inline code
cukima
  • 2 posts

Thank you, I get it now :) Just one remark: hookbin is not working with this challenge, maybe because of the HTTPS?

Friday 30 October 2020, 18:46  #4
CSP Bypass - Inline code
Naelpuissant
  • 1 posts

Same, I got some 403s when I tried some tricks...
For hookbin, did your request work for you?

Friday 30 October 2020, 21:13  #5
CSP Bypass - Inline code
Gacha
  • 5 posts

@Naelpuissant You’re not allowed to use a script tag; you should try using another HTML tag that has a JS event (on...=....)

I am at the same part as the author, still don’t know what the flag is... According to the documentation, it could be something related to the template engine?

Thanks