Forum
![]() | |
W3-BoT![]() 568 Messages GeekÔ$ |
the 06/08/2008 at 20h34![]() Post here for any help request on challenge Mobile-Downloads (in ENGLISH only !) #w3challs'Big Boss |
TheRiddla 10 Messages New Poster |
the 20/06/2013 at 13h47![]() Some advice needed here.I assume I need to steal a cookie for this mission via the mail section.Am I on the right path. Anyone have any good links to help me solve this one? Thanks. |
Eki 4 Messages New Poster |
the 04/02/2014 at 16h08![]() You're apparently still on this challenge (according to what I can see here : your own profile). I can also see that you're still active on the website (last validation is not older than a week). If you seek for some clues for this hack you need to read, and understand, this carefully:
TheRiddla said:
. This might aim you to the main objective which is to send e-mails to other addresses. Let's say yours ? (-: So according to the source code you need to seek how/what to hack to do so. Good luck ![]() |
spectrik 1 Message New Poster |
the 30/12/2016 at 19h37![]() Is it really possible to pass this challenge? Because when i try to spoof that header then it just does not work...websever will redirect me. ![]() |
aleManto 2 Messages New Poster |
the 24/01/2017 at 22h33![]() I've understood the idea of the challenge but I can't understand to whom to send the spam mail ? Thanks |
h4galaz 1 Message New Poster |
the 28/10/2018 at 02h00![]() Well Hello, i tried everything i could. Even setup a local http server to check the headers and the function. I still cant get a mail. Hope someone can get me on the right track if i missed something. ![]() |
luca009 2 Messages New Poster |
the 02/11/2018 at 22h00![]()
aleManto said:
Try 10minutemail.com |
SuperSloth 1 Message New Poster |
the 01/12/2018 at 16h07![]() Hello, Can someone help me? I think I am on the right track, by modifying the headers, but I cannot seem to ever get an e-mail response. I even tried to fill the form normally to try to get an e-mail and I couldn't. Is the e-mail server down by any chance? Thanks |
nova990 1 Message New Poster |
the 15/12/2018 at 02h48![]() So lost- I understand the goal but dont know where to start. Can anyone give me a hint? Using Burpsuite to POST different requests and no luck. Thank you! |
rogi9 1 Message New Poster |
the 04/01/2019 at 15h50![]() Can you guys help me I tried to redirect the site so that host changes but i could not get the email. Am I missing something here ... |
gattsu 5 Messages New Poster |
the 06/06/2019 at 08h29![]() I spent what felt like ages on this challenge. Just for a bit of direction to newbies like myself you will not actually receive an email so stop checking your inbox after every attempt ![]() Also understand the difference between what happens to data sent in the page's form vs data sent via a manufactured request. |
Gr0bR3al 1 Message New Poster |
the 15/08/2019 at 14h31![]() Hi, Below is the information I gained by working on the challege: Your goal is to exploit the contact form of the challege which was abused in the past to send mail to email addresses other than the one specified in the to field of the contact form i.e. admin[at]host. (maybe it will reveal the password on the same contact page) There is a php file named "mail_src[dot]php" and if I'm not wrong, it is the same file being used in the contact form which reveals the details of the contact form and it's working. The only posible way I can think of is to exploit the HOST header which is being used by the contact form to send mail to. Thus, to send mail to our provided mail address, we are required to exploit $to = admin[at]host where we are able to manipulate host from our end. Please correct me if I'm wrong. Manipulating HOST will redirect the whole page to our provided domain so that won't work either. What I want to know now is the next step, If you can provide any hint to the next step apart from the one provided in the latest response, it will be really appreciated. Also, I don't mean to provide any kind of spoilers to anyone new here. If you find this to be doing so, you can remove the post or ask me to do so. |
g0nff 1 Message New Poster |
the 23/10/2019 at 11h16![]()
gattsu said:
I've tried sending the request manually using curl and submitting the form itself, but I must be missing something. I was actually able to get an email to send to my email address, but the message just says message_prefix and my message. Any help is appreciated. Thanks! |