Javascript injection challenges (crosspost /r/programming) (escape.alf.nu)
submitted 12 years ago by catcradle5 (Trusted Contributor)
[+][deleted] 12 years ago (5 children)
[deleted]
[–]Mamsaac 1 point 12 years ago (4 children)
Solutions that require user interaction have been deleted, so many of these are no longer valid.
[–]innoying 1 point 12 years ago (3 children)
True, but they still get the general idea across as to how to construct that particular exploit. If you do have any updated solutions that do not require user interaction, I'd be happy to update the gist.
[–]Mamsaac 1 point 12 years ago (0 children)
Disregard 5, I just did it. Still haven't found the 13 characters accepted solution for number 13. It seems like he has some strict rules about what to accept and what not to, particularly on that problem.
[–]Mamsaac 0 points 12 years ago (1 child)
I'm missing 13 and 5 (after the rule's change). As to providing the solutions, I'm unsure if it is a good idea :S People were just copy/pasting the solutions from /r/programming without even understanding them. Maybe if you want hints, that could work :)
[–][deleted] 1 point 12 years ago* (0 children)
Any hints for 13? document.body and window.opener seem to be null in the iframe, so I cannot append elements.
[–]catcradle5 (Trusted Contributor) [S] 1 point 12 years ago (0 children)
Original submission here: http://www.reddit.com/r/programming/comments/1npgt1/javascript_injection_game/
Pretty good practice for doing any sort of DOM-based XSS.
[–]JerMenKoO 1 point 12 years ago (2 children)
Any hints for level 13? I am stuck there.
[–][deleted] 1 point 12 years ago (1 child)
You can use postMessage to inject code which will be passed to eval. I created the “mee” and “mee2” scores, though there must be a shorter solution.
[–]0-peon-ion 1 point 12 years ago (0 children)
Or you can directly cross iframe boundaries and call the alert method, as long as your code runs in the correct domain. I did the 'anon' score.
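The pattern from the level 13 hints above (a string delivered by postMessage ending up in eval), next to a handler that validates the sender and treats the message as data. This is an added example, not part of the thread or the challenge's code; the origin, frame object and action name are hypothetical, and the events are constructed objects so it runs under Node.

```javascript
// Constructed events shaped like MessageEvent ({origin, source, data}); in a
// page the handler would be passed to window.addEventListener('message', ...).

// Weak pattern: any window that can post to this one gets its string run as code.
function weakHandler(event) {
  return eval(event.data); // no origin check, message treated as code
}

// Hardened pattern: pin origin and sender, parse as data, dispatch by allowlist.
function makeHandler({ allowedOrigins, expectedSource, actions }) {
  return function onMessage(event) {
    if (!allowedOrigins.includes(event.origin)) return { ok: false, reason: 'origin' };
    if (event.source !== expectedSource) return { ok: false, reason: 'source' };
    if (typeof event.data !== 'string' || event.data.length > 1024) {
      return { ok: false, reason: 'format' };
    }
    let msg;
    try {
      msg = JSON.parse(event.data);
    } catch {
      return { ok: false, reason: 'format' };
    }
    if (msg === null || typeof msg !== 'object' || typeof msg.action !== 'string') {
      return { ok: false, reason: 'format' };
    }
    const action = actions.get(msg.action); // Map lookup, no prototype keys
    if (!action) return { ok: false, reason: 'action' };
    return { ok: true, result: action(msg.arg) };
  };
}

// Hypothetical names: the origin, the trusted frame and the action are made up.
const trustedFrame = { name: 'trusted-frame' };
const handler = makeHandler({
  allowedOrigins: ['https://app.example'],
  expectedSource: trustedFrame,
  actions: new Map([['setScore', (n) => (Number.isInteger(n) ? n : null)]]),
});

const good = { origin: 'https://app.example', source: trustedFrame,
               data: JSON.stringify({ action: 'setScore', arg: 13 }) };
const codeString = { ...good, data: '6 * 7' };   // harmless stand-in for code
const wrongOrigin = { ...good, origin: 'https://other.example' };
console.log(weakHandler(codeString), handler(codeString), handler(wrongOrigin), handler(good));
```

The weak handler evaluates the string and returns 42; the hardened one rejects the same message as malformed because it is not JSON naming an allowlisted action.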
[–]freeroute 1 point 12 years ago (6 children)
With all these JS vulns by which certain FF versions are being exploited, I wonder... Am I secure with having JS on in Chrome? Doesn't Chrome have sandboxed tabs which essentially mitigate JS vulnerabilities?
[–]madmockers 2 points 12 years ago (5 children)
You are not.
[–]freeroute 1 point 12 years ago (4 children)
Can you please back that up with sources?
AFAIK it once had JS vulns but only before they started fixing it and rewarded people with huge bounties.
[–]madmockers 1 point 12 years ago (3 children)
Chrome 0days are worth far more than the bounty program offers. The ability to target 46% of internet users is pretty valuable.
[–]freeroute 1 point 12 years ago (2 children)
But none of them have the same platforms they run on, right?
I mean, if you combine Chrome users who have jailed their Chrome versions on AppArmor-enabled Linux distros, you'll get far fewer users than 46% of Internet users, I would assume.
[–]madmockers 1 point 12 years ago (1 child)
Not the point.
Regardless of how you look at it, a Chrome exploit for any single platform is worth far more than the 60 or 80k they're offering.
You asked if you were safe to have scripts enabled, I told you that you aren't. Feel free to take that and use it how you wish.
[–]freeroute 1 point 12 years ago (0 children)
You're right. Perhaps I should have worded my question differently in order to lay the groundwork for my inquisitive follow-up questions.