Forum Login
Basic Mission 4 Solution
Rendering Error in layout Widget/Social: Call to a member function exists() on null. Please enable debug mode for more information.
9 years 5 months ago - 9 years 5 months ago #71 by thaGH05T
If I helped you, buy me a beer!!! Happy Hunting...
Basic Mission 4 Solution was created by thaGH05T
This is the fourth basic mission that can be found at
Hack This Site
. Please use this as a reference or to help you when you get stuck. This is not intended for people to just breeze on by the missions. Besides, what's the fun in that???
Scenario - This time Sam hard-coded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script:
We will start by opening our browsers developer tools or just inspecting the element. Inspect the password field element and see this is not going to help us at this point. But we have another element of interest which would be the button. Lets see what it can do. Again there is a hidden field that has enough information for us to exploit. All we have to do is modify the HTML to use our email address and voila! The password is emailed to us.When we do this we can see the site leaves us a message stating the email address associated with our account can only receive the actual email.
Part of the message is hidden for the guests. Please log in or register to see it.
Scenario - This time Sam hard-coded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script:
We will start by opening our browsers developer tools or just inspecting the element. Inspect the password field element and see this is not going to help us at this point. But we have another element of interest which would be the button. Lets see what it can do. Again there is a hidden field that has enough information for us to exploit. All we have to do is modify the HTML to use our email address and voila! The password is emailed to us.When we do this we can see the site leaves us a message stating the email address associated with our account can only receive the actual email.
Warning: Spoiler! [ Click to expand ] [ Click to hide ]
Part of the message is hidden for the guests. Please log in or register to see it.
If I helped you, buy me a beer!!! Happy Hunting...
Last edit: 9 years 5 months ago by thaGH05T.
The topic has been locked.
Who's Online
We have 220 guests and no members online
N00BZ
- ljamal
- ljamal74
- mikeg2atest
- ducchinhbui
- anjarezt
Cookies
EU e-Privacy Directive
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.
You have declined cookies. This decision can be reversed.
You have allowed cookies to be placed on your computer. This decision can be reversed.