Hall of Fame


Found Bug in XSS3 Challenge
Alucardo discovered a bug in the XSS3 challenge where it would accept the following as an answer:

http://halls-of-valhalla.org/challenges/xss/xss3.php?topic[]=holiday

The issue was that the code expects topic to be a string and therefore performs string operations on it which would return "NULL" instead of normal results.
  
Credit to alucardo for 5 points on Jan 16 2014 06:39:39.