https://54-241-141-242-exchange.vulnerablesites.net/DigiExchange/dashboard

Submitted URL:
https://54-241-141-242-exchange.vulnerablesites.net/DigiExchange/dashboard
Report Finished:

The outgoing links identified from the page

JavaScript Variables · 11 found

Global JavaScript variables loaded on the window object of a page are variables declared outside of functions and accessible from anywhere in the code within the current scope.

Console log messages · 1 found

Messages logged to the web console

HTML

The raw HTML body of the page

<!DOCTYPE html><html><head>
    <!-- Document head: charset and title, then the script and stylesheet includes. -->
    <meta charset="utf-8">
    <title>DigiExchange</title>

    <!-- Scripts load synchronously in this order. The inline scripts further down call $,
         so they depend on jQuery having been loaded first.
         NOTE(review): library versions are not visible in these file names; confirm that the
         bundled jQuery and Foundation builds are current. -->
    <script src="js/jquery.min.js"></script>
<script src="js/foundation.min.js"></script>
<!-- The meta.foundation-mq element is presumably injected at runtime by Foundation rather than authored (confirm). -->
<script src="js/app.js"></script><meta class="foundation-mq">
<script src="js/cipher.js"></script>

<link rel="stylesheet" href="css/app.css">
<!-- NOTE(review): this third-party stylesheet is fetched from a CDN without integrity and
     crossorigin attributes. Pin it with Subresource Integrity (hash computed from the vetted
     file) or self-host it alongside css/app.css. -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">

    <script>
        // Login form pre-check: rejects an email value that contains whitespace.
        // This is a usability aid only; it runs in the browser and can be bypassed,
        // so the server has to validate the submitted email on its own.
        $(function () {
            // Puts the message into the alert callout and reveals it.
            function showEmailError(message) {
                $("#emailErrorText").text(message);
                $("#emailError").show();
            }

            // The callout stays hidden until a check fails.
            $('#emailError').hide();

            $("#loginForm").submit(function () {
                // Matches only strings made up entirely of non-whitespace characters.
                var noWhitespace = /^\S*$/g;
                var enteredEmail = $("#email").val();

                if (noWhitespace.test(enteredEmail)) {
                    // Let the browser submit the form.
                    return true;
                }

                showEmailError("Email cannot contain spaces.");
                // Returning false cancels the submission.
                return false;
            });
        });
    </script>
</head>

<body>
    


<!-- Want to test out your binary exploitation skills? visit /DigiExchange/binaries to get started -->



    
    <link rel="stylesheet" href="overlay/overlay.css">
    <link rel="stylesheet" href="overlay/slick.css">
    <link rel="stylesheet" href="overlay/slick-theme.css">

    <div class="overlay-wrapper">
        <div class="overlay-interior">
            <div class="overlay-container">
                
                
                
                    <div class="overlay-row">
                        <div class="overlay-col-md-6 overlay-col-lg-8 overlay-col-xl-9">
                            

<!-- "Last Solved" panel of the challenge overlay: star icon, points awarded and the name of the
     most recently solved challenge. The overlay script further down rewrites the heading text
     through the .last-solved-title class. -->
<h2 class="last-solved-title">Last Solved</h2>

<div class="overlay-last-solved">
    <div class="overlay-star">
        <!-- Decorative icon: aria-hidden="true" hides it from assistive technology, which makes role="img" redundant. -->
        <svg aria-hidden="true" data-prefix="fas" data-icon="star" class="overlay-star" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512">
            <path fill="currentColor" d="M259.3 17.8L194 150.2 47.9 171.5c-26.2 3.8-36.7 36.1-17.7 54.6l105.7 103-25 145.5c-4.5 26.3 23.2 46 46.4 33.7L288 439.6l130.7 68.7c23.2 12.2 50.9-7.4 46.4-33.7l-25-145.5 105.7-103c19-18.5 8.5-50.8-17.7-54.6L382 150.2 316.7 17.8c-11.7-23.6-45.6-23.9-57.4 0z"></path>
        </svg>
    </div>
    <div class="overlay-stat">
        <span class="big">300</span>
        <span class="small">points</span>
    </div>
    <div class="overlay-challenge-info">
        <h3>Challenge solved</h3>
        <!-- NOTE(review): the challenge name is presumably filled in by the server; confirm it is HTML-encoded on output. -->
        <p>Post Comment as another user</p>
    </div>
</div>

                        </div>

                        <div class="overlay-col-md-6 overlay-col-lg-4 overlay-col-xl-3">
                            

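<!-- "My Stats" panel: the player's current score and a link to the external leaderboard. -->
<h2>My Stats</h2>

<div class="overlay-player-stats">
    <div class="overlay-stat">
        <span class="big">5318</span>
        <span class="small">score</span>
    </div>
</div>

<div class="overlay-form-group">
    <!-- rel="noopener noreferrer": the new tab gets no window.opener handle to this page, and
         the current URL (which can carry a jsessionid path parameter elsewhere on this page)
         is not sent as a Referer to the external site. -->
    <a href="https://cmdnctrl.net/stats/leaderboard" target="_blank" rel="noopener noreferrer">View the leaderboard &gt;</a>
</div>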

                        </div>
                    </div>

                    <div class="overlay-row">
                        <div class="overlay-col-md-6 overlay-col-lg-8 overlay-col-xl-9">
                            

<!-- "Unsolved" carousel: one tile per challenge category showing the number of unsolved
     challenges (.num-unsolved), the category name (.challenge-type) and its point range (.points).
     The slick-* classes, data-slick-index, aria-hidden/tabindex values and inline styles match
     what the slick() call in the overlay script configures, so this looks like the DOM after
     initialisation rather than the template as served (confirm against the server output). -->
<h2>Unsolved</h2>

<div class="overlay-carousel">
    <!-- Previous-slide control; passed to slick as prevArrow. -->
    <div class="arrow-prev slick-arrow slick-disabled" aria-disabled="true" style="display: block;">
        <svg aria-hidden="true" data-prefix="fas" data-icon="chevron-left" class="svg-inline--fa fa-chevron-left fa-w-10 fa-2x" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 320 512">
            <path fill="currentColor" d="M34.52 239.03L228.87 44.69c9.37-9.37 24.57-9.37 33.94 0l22.67 22.67c9.36 9.36 9.37 24.52.04 33.9L131.49 256l154.02 154.75c9.34 9.38 9.32 24.54-.04 33.9l-22.67 22.67c-9.37 9.37-24.57 9.37-33.94 0L34.52 272.97c-9.37-9.37-9.37-24.57 0-33.94z">
            </path>
        </svg>
    </div>

    <div class="overlay-carousel-items slick-initialized slick-slider">
        
            <div class="slick-list draggable"><div class="slick-track" style="opacity: 1; width: 30000px; transform: translate3d(0px, 0px, 0px);"><div class="slick-slide slick-current slick-active" data-slick-index="0" aria-hidden="false" tabindex="0">
                <div class="overlay-unsolved-tile">
                    <p class="num-unsolved">
                        9
                    </p>
                    <p class="challenge-type">
                        CTF
                    </p>
                    <p class="points">Point range:
                        250 -
                        500
                    </p>
                </div>
            </div><div class="slick-slide slick-active" data-slick-index="1" aria-hidden="false" tabindex="0">
                <div class="overlay-unsolved-tile">
                    <p class="num-unsolved">
                        8
                    </p>
                    <p class="challenge-type">
                        Cross-Site Scripting (XSS)
                    </p>
                    <p class="points">Point range:
                        200 -
                        400
                    </p>
                </div>
            </div><div class="slick-slide slick-active" data-slick-index="2" aria-hidden="false" tabindex="0">
                <div class="overlay-unsolved-tile">
                    <p class="num-unsolved">
                        10
                    </p>
                    <p class="challenge-type">
                        Security Misconfiguration
                    </p>
                    <p class="points">Point range:
                        100 -
                        700
                    </p>
                </div>
            </div><div class="slick-slide slick-active" data-slick-index="3" aria-hidden="false" tabindex="0">
                <div class="overlay-unsolved-tile">
                    <p class="num-unsolved">
                        7
                    </p>
                    <p class="challenge-type">
                        Broken Access Control
                    </p>
                    <p class="points">Point range:
                        50 -
                        400
                    </p>
                </div>
            </div><div class="slick-slide" data-slick-index="4" aria-hidden="true" tabindex="-1">
                <div class="overlay-unsolved-tile">
                    <p class="num-unsolved">
                        8
                    </p>
                    <p class="challenge-type">
                        Injection
                    </p>
                    <p class="points">Point range:
                        10 -
                        700
                    </p>
                </div>
            </div><div class="slick-slide" data-slick-index="5" aria-hidden="true" tabindex="-1">
                <div class="overlay-unsolved-tile">
                    <p class="num-unsolved">
                        1
                    </p>
                    <p class="challenge-type">
                        Other
                    </p>
                    <p class="points">Point range:
                        350 -
                        350
                    </p>
                </div>
            </div></div></div>
        
            
        
            
        
            
        
            
        
            
        
    </div>

    <!-- Next-slide control; passed to slick as nextArrow. -->
    <div class="arrow-next slick-arrow" aria-disabled="false" style="display: block;">
        <svg aria-hidden="true" data-prefix="fas" data-icon="chevron-right" class="svg-inline--fa fa-chevron-right fa-w-10 fa-2x" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 320 512">
            <path fill="currentColor" d="M285.476 272.971L91.132 467.314c-9.373 9.373-24.569 9.373-33.941 0l-22.667-22.667c-9.357-9.357-9.375-24.522-.04-33.901L188.505 256 34.484 101.255c-9.335-9.379-9.317-24.544.04-33.901l22.667-22.667c9.373-9.373 24.569-9.373 33.941 0L285.475 239.03c9.373 9.372 9.373 24.568.001 33.941z">
            </path>
        </svg>
    </div>
</div>

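<!-- Link to the external hints page, opened in a new tab. -->
<div class="overlay-row">
    <div class="overlay-col-md-6 overlay-col-lg-4 overlay-col-xl-3">
        <div class="overlay-form-group">
            <!-- rel="noopener noreferrer" keeps the external tab from reaching window.opener and
                 stops this page's URL from being sent to it as a Referer. -->
            <a class="overlay-button btn-block" href="https://cmdnctrl.net/hacking/hints" target="_blank" rel="noopener noreferrer">Get hints</a>
        </div>
    </div>
</div>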

                        </div>

                        <div class="overlay-col-md-6 overlay-col-lg-4 overlay-col-xl-3">
                            

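<!-- "Flags" panel: heading with a help icon, the flag submission form and the tooltip text that
     the overlay script shows while the icon is hovered. -->
<h2>
    Flags&nbsp;
    <svg aria-hidden="true" data-prefix="fas" data-icon="question-circle" class="overlay-question-circle" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" id="flagTip">
        <path fill="currentColor" d="M504 256c0 136.997-111.043 248-248 248S8 392.997 8 256C8 119.083 119.043 8 256 8s248 111.083 248 248zM262.655 90c-54.497 0-89.255 22.957-116.549 63.758-3.536 5.286-2.353 12.415 2.715 16.258l34.699 26.31c5.205 3.947 12.621 3.008 16.665-2.122 17.864-22.658 30.113-35.797 57.303-35.797 20.429 0 45.698 13.148 45.698 32.958 0 14.976-12.363 22.667-32.534 33.976C247.128 238.528 216 254.941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 12-5.373 12-12v-1.333c0-28.462 83.186-29.647 83.186-106.667 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"></path>
    </svg>
</h2>

<!-- The overlay script intercepts this form's submit event and posts the value as JSON to
     "submitFlag". method="post" is set so that, if that handler is ever not attached, a native
     submit does not fall back to GET and place the flag value in the URL, browser history and
     server logs.
     NOTE(review): no anti-CSRF token is visible in this form; confirm how the endpoint
     authenticates the request origin. -->
<form id="submitFlagForm" method="post">
    <div class="overlay-form-group">
        <!-- aria-label gives the field an accessible name; there is no visible label element. -->
        <input name="flag" id="flag" type="text" class="overlay-form-control" value="" autocomplete="off" aria-label="Flag">
    </div>
    <div class="overlay-form-group">
        <button type="submit" class="overlay-button btn-block">Submit Flag</button>
    </div>
    <!-- Status line; the script writes to it with .text(), so its content is not parsed as HTML. -->
    <p id="flagNotification" class="flag-notification"></p>
</form>

<div class="overlay-tooltip" x-placement="right-start" data-placement="right-start">
    <div class="overlay-tooltip-inner" role="tooltip" aria-hidden="true">
        There are a few challenges we can't automatically detect. When you solve one of these, you'll receive a snippet of text called a flag. When you find a flag, submit it here to complete the challenge and earn points.
    </div>
</div>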

                        </div>
                    </div>
                
            </div>
        </div>

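        <!-- Opens and closes the overlay; the click handler is bound by the overlay script.
             type="button" states explicitly that this control never submits a form. -->
        <button type="button" class="overlay-toggle">
            <span class="overlay-chevron-down"></span>
            <span class="overlay-chevron-up hide"></span>
            Challenges &amp; Hints
        </button>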
    </div>


<script src="overlay/slick.min.js"></script>
<script type="text/javascript">
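    /**
     * Returns query-string parameters parsed from location.search.
     *
     * With a key, returns that parameter's raw value, or undefined when the
     * parameter is absent. Without a key, returns an object of all parameters.
     * When a name repeats, the last occurrence wins.
     *
     * Values are returned exactly as they appear in the URL (not URI-decoded)
     * and are attacker-controllable, so callers must treat them as untrusted
     * text and never insert them into the page as HTML.
     */
    function getSearchParams(k){
        var params = {};
        location.search.replace(/[?&]+([^=&]+)=([^&]*)/gi, function (match, name, value) {
            params[name] = value;
        });
        if (!k) {
            return params;
        }
        // Only report parameters that were really present in the URL. A plain
        // lookup would also find inherited members such as "constructor" or
        // "toString" and return a function instead of undefined.
        return Object.prototype.hasOwnProperty.call(params, k) ? params[k] : undefined;
    }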

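    // Wires up the challenge overlay once the DOM is ready: open/close toggle,
    // the post-submission banner, the flags tooltip, the unsolved carousel and
    // the flag submission request.
    $(document).ready(function() {
        // ** TOGGLE OVERLAY ** \\
        var toggleOverlay = function () {
            $('.overlay-chevron-down').toggleClass('hide');
            $('.overlay-chevron-up').toggleClass('hide');
            $('.overlay-wrapper').toggleClass('open');

            // Reset title every time the overlay is toggled as opposed to opened from completedChallenge.jsp.
            $('.last-solved-title').text('Last Solved');
        };

        $('.overlay-toggle').click(toggleOverlay);

        // If flagSuccess=true in url, then pulldown the overlay.
        // The parameter is display-only: anyone can add it to the URL, so it
        // must never be treated as proof that a flag was accepted. The
        // authoritative result is the server's response to the submission.
        if (getSearchParams('flagSuccess') === 'true') {
            $('.overlay-wrapper').addClass('open');
            $('.last-solved-title').text('Challenge Completed!');
            $("#flagNotification")
                .css('color', 'green')
                .text("Flag submission successful.");

            // Remove the query param after page load so that a refresh does not bring the overlay down again
            if (window.history.replaceState) {
                var newUrl = window.location.href.replace('flagSuccess=true', '');
                window.history.replaceState({ path:newUrl }, '', newUrl);
            }
        }

        // ** SHOW FLAGS TOOLTIP ** \\
        var showTooltip = function () {
            $('.overlay-tooltip').addClass('show');
        };

        var hideTooltip = function () {
            $('.overlay-tooltip').removeClass('show');
        };

        $('.overlay-question-circle').hover(showTooltip, hideTooltip);

        // ** UNSOLVED CAROUSEL ** \\
        $('.overlay-carousel-items').slick({
            dots: false,
            infinite: false,
            speed: 300,
            slidesToShow: 4,
            slidesToScroll: 4,
            prevArrow: $('.arrow-prev'),
            nextArrow: $('.arrow-next'),
            variableWidth: true,
        });

        // ** SUBMIT FLAG ** \\
        // Sends the entered flag as a JSON body to the relative "submitFlag"
        // endpoint instead of letting the browser submit the form.
        // NOTE(review): no anti-CSRF token or custom header is attached here;
        // confirm how the endpoint verifies the request origin.
        $("#submitFlagForm").on('submit', function(e){
            e.preventDefault();
            $("#flagNotification").text("");

            var postData = {
                'challengeFlag': $('#flag').val()
            };

            $.ajax({
                url: "submitFlag",
                type: 'POST',
                data: JSON.stringify(postData),
                contentType: 'application/json; charset=utf-8',
                success: function(result) {
                    // All status text goes through .text(), so nothing from the
                    // response is parsed as HTML.
                    if (!result) {
                        console.log('Error submitting flag.');
                        $("#flagNotification")
                            .css('color', 'red')
                            .text("Error submitting flag.");
                    }
                    else {
                        if (result.result === 'ALREADY_COMPLETED') {
                            $("#flagNotification")
                                .css('color', 'orange')
                                .text("Flag has already been submitted.");
                        }
                        else if (result.result === 'SUCCESS') {
                            // reload the page to repopulate the overlay data
                            window.location.href = window.location.pathname + "?" + $.param({'flagSuccess':'true'});
                        }
                        else {
                            // Shouldn't ever get here
                            $("#flagNotification")
                                .css('color', 'red')
                                .text("Unknown error occurred.");
                        }
                    }
                },
                error: function() {
                    // A network failure or an error status used to leave the
                    // form with no feedback at all; report it like an empty
                    // response.
                    console.log('Error submitting flag.');
                    $("#flagNotification")
                        .css('color', 'red')
                        .text("Error submitting flag.");
                }
            });
        });
    });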
</script>






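<!-- Top navigation bar: logo link plus the Register and Log In entries shown to a visitor who is
     not signed in.
     NOTE(review): every application link here carries the session identifier as a ";jsessionid="
     path parameter. A session id in the URL ends up in browser history, proxy and server logs and
     Referer headers, and makes session fixation easier. Prefer cookie-only session tracking (in a
     Java servlet container, which the parameter name suggests, the session-config tracking-mode
     COOKIE setting in web.xml), issue a fresh session id at login, and set the Secure and
     HttpOnly cookie attributes. -->
<div class="top-bar">
    <div class="top-bar-title">
        <a href="dashboard;jsessionid=E13A5E7BED93FFCB8038DDF802E84E5D">
            <!-- alt names the link destination for users who cannot see the logo. -->
            <img src="img/logo.png" alt="DigiExchange">
        </a>
    </div>
    <div>
        <div class="top-bar-left">
            <ul class="dropdown menu" data-dropdown-menu="vefxsu-dropdown-menu" role="menubar">

            </ul>
        </div>
        <div class="top-bar-right">
            <ul class="dropdown menu" data-dropdown-menu="j3oioq-dropdown-menu" role="menubar">


                <li role="menuitem">
                    <a href="/DigiExchange/register.action;jsessionid=E13A5E7BED93FFCB8038DDF802E84E5D" tabindex="0">
                        Register
                    </a>
                </li>
                <li role="menuitem">
                    <a href="dashboard;jsessionid=E13A5E7BED93FFCB8038DDF802E84E5D">
                        Log In
                    </a>
                </li>

            </ul>
        </div>
    </div>
</div>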
	
    
        
<!-- provide visual divider between nav bar and main page content -->

<div class="public-divider"></div>

    
<!-- CCcr elor upnnueitol l espnrouniaeefr!l  fu dabyytisito'gtdsn yul mtfasRFnaeytiytree  huu eal ogln  roo.H:yl   cui  eteh gialcBdrooprsttSlyodCC  laofthe ieCC -->

    <!-- Landing content: a promotional column with a "Learn More" form on the left and the
         sign-in box on the right.
         NOTE(review): the form actions and the forgot-password link below all embed the session
         identifier as a ";jsessionid=" path parameter, which exposes it through history, logs
         and Referer headers; cookie-only session tracking avoids this. -->
    <div class="background-div">
         <div class="row">
              <div class="small-12 columns">
              <div class="row">
	                <div class="small-7 columns advertisement">
	                   <h2> DigiExchange </h2>
	                   <hr>
	                   <p>
                       Go Crazy with Cryptocurrencies!
                       </p>
                       <!-- Plain navigation to the about page, implemented as a POST form. -->
                       <form id="about" name="about" action="/DigiExchange/about.action;jsessionid=E13A5E7BED93FFCB8038DDF802E84E5D" method="post" class="columns">
                            <button class="button">Learn More</button>
                        </form>



      	            </div>
	            <div class="login-box small-4 columns">
                    <!-- Alert callout, hidden by default; the login pre-check script in the head fills #emailErrorText and shows it. -->
                    <div data-closable="" class="callout small alert" id="emailError" style="display: none;">
                        <div id="emailErrorText"></div>
                    </div>
                     <!-- http://www.gocomics.com/foxtrotclassics/2012/07/23/-->
                     
                         <div class="sign-in-form">
                         <!--  TODO Delete Test Credentials: cmFuZHlAZXBpcGh5dGUuY29tIC0gdUJXOWlAJDhnZHd5XmFjSA==, cm9vdEBlcnVkaXRvcnVtLm9yZyAtIHhhZDhlcCZ0NXVAaVUydW0= -->
                         <!-- NOTE(review): the comment above delivers what its own TODO calls test
                              credentials to every visitor of the login page. The values look
                              Base64-encoded, which is an encoding and offers no protection. Remove
                              the comment from the template, rotate or disable the accounts it
                              refers to, and add a build or CI check that rejects secrets in markup. -->
                         <h4>Sign In</h4>
                         <!-- Login form, posted to login.action.
                              NOTE(review): no anti-CSRF token field is visible in this form; confirm
                              how the server protects the login request. type="post" is not a form
                              attribute, so only method="post" has an effect. The inputs carry no
                              autocomplete hints for password managers. -->
                         <form id="loginForm" name="loginForm" action="/DigiExchange/login.action;jsessionid=E13A5E7BED93FFCB8038DDF802E84E5D" method="post" role="form" type="post" accept-charset="utf-8">
                             <input type="text" name="email" value="" id="email" placeholder="Email" autofocus="true" required="true">
                             <input type="password" name="password" value="" id="loginForm_password" placeholder="Password" required="true">
                             <!-- The inline handler calls validateEmail() without returning its result, so the
                                  call cannot cancel the click; the jQuery submit handler in the head performs
                                  the actual whitespace check. Inline handlers also prevent a strict
                                  Content-Security-Policy from being applied. -->
                             <button onclick="validateEmail()" class="primary button">Sign In</button>
                         </form>



                         </div>
                         <div>
                         <a class="forgot-password" href="/DigiExchange/forgotPassword.action;jsessionid=E13A5E7BED93FFCB8038DDF802E84E5D">
                             <u>Forgot password?</u>
                         </a>
                         </div>
                     </div>
                 </div>
             </div>
         </div>
     </div>
     <script type="text/javascript">
     // Stub referenced by the Sign In button's inline onclick attribute.
     // It always returns false and inspects nothing; the real whitespace
     // check lives in the jQuery submit handler bound to #loginForm.
     function validateEmail() {
           return false;
     }

     // Initialise the Foundation plugins for the whole document.
     $(document).foundation();
     </script>
  

</body></html>