Playing with Stripe CTF

I was playing around with Stripe's source code for last year's CTF, and from what I could see online, most people solved Level 4 by using XSS in the password field. But look at the following line in srv.rb:

unless username =~ /^\w+$/
  ie("Invalid username. Usernames must ...

