http://www.sensepost.com/qow Question of the Week en Tue, 24 Jul 2007 14:57:00 http://www.sensepost.com/qow/qow-2.html <p>Harry and Sally met online and fell deeply in love. Harry wishes to send Sally an engagement ring via snail-mail but...</p> <p>The local postal service pilfer anything that is not locked in a box with a padlock.</p> <p>Harry and Sally both have lots of boxes (and lots of padlocks) but none where each has a copy of the key..</p> <p>How can Harry get his Ring to Sally ?</p> <p>/mh</p> <p>PS.. i _dont_ claim credit for coming up with this puzzle (or the solution)</p> <p>PPs: For Bonus points, whats this solution better known as?</p> Mon, 7 May 2007 16:36:00 http://www.sensepost.com/qow/qow-1.html <p> Update: </p> <p>Ok.. so 31 chars allowed a quick thinking &lt;img src="http://x.y.z.a"&gt; which got the browser out.. option is gone.. limit is 30 chars (we can keep going to make this arb. smaller.. so the solution is not to find the smallest ip/domain u can get ur hands on :> </p> <p>/mh</p> <hr /> <p>You are faced with a web based application that you know is vulnerable to XSS. You have seen the code.. Now once you submit your details, it will be viewed by an admin/other-user</p> <p>[This QoW is a simple version.. if you can XSS yourself, you win]</p> <p>All you need to do to claim victory, is to submit your details so that the resultant page re-directs you to a listening netcat.</p> <p>No cookie-grab needed (maybe we want to steal the guys referer)...</p> <p>Vulnerable form is <a href="http://qow.sensepost.com/qow1/qow1.html">here</a>, a copy of the CGI's source is <a href="http://qow.sensepost.com/qow1/qow1">here</a>.</p> <p>TIP: U can see from the code, that your stuff has to fit into 31 chars...</p> <hr /> The answer is available <a href="http://www.sensepost.com/blog/1267.html">here</a>. Sun, 6 May 2007 16:36:00 http://www.sensepost.com/qow/whatisthis.html <h3>What is it?</h3> During the course of our assessments we often bump into interesting / exciting problems. For years we have then converted these to mini labs in a virtual environment to ensure that all SensePosters got to play along too. (This way everyone gets to benefit, and we get a bunch of alternative strategies to tackle problems at any given time.) <h3>It's called QoW. Is it released every week?</h3> Its name was set to question of the week way back in 2002 when the QoW setter had more time. These days it is more likely to happen every fortnight. (This is why its RSS'd.) <h3>What's this video stuff?</h3> The video link holds some sanitized videos created for some interesting attacks. Where it makes sense, a video will demo the QoW answer after the new qustion is posted... <h3>Is there a link to past questions?</h3> We are not putting a full list of past QoWs up (mainly so we can stagger them fairly routinely while diving into our past qows). We will keep all available ones linked online. <h3>Where's the `the' in `QoW'?</h3> It got lost.