Basic Mission 4 Solution


Rendering Error in layout Widget/Social: Call to a member function exists() on null. Please enable debug mode for more information.
More
4 years 10 months ago - 4 years 10 months ago #71 by thaGH05T
This is the fourth basic mission that can be found at Hack This Site . Please use this as a reference or to help you when you get stuck. This is not intended for people to just breeze on by the missions. Besides, what's the fun in that???

Scenario - This time Sam hard-coded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script:

We will start by opening our browsers developer tools or just inspecting the element. Inspect the password field element and see this is not going to help us at this point. But we have another element of interest which would be the button. Lets see what it can do. Again there is a hidden field that has enough information for us to exploit. All we have to do is modify the HTML to use our email address and voila! The password is emailed to us.When we do this we can see the site leaves us a message stating the email address associated with our account can only receive the actual email.

Warning: Spoiler! [ Click to expand ]
Last edit: 4 years 10 months ago by thaGH05T.
The topic has been locked.

Who's Online

We have 126 guests and no members online

N00BZ

  • arslan123
  • ldijkstra
  • erik1188
  • Berti22
  • wanderson-monteiro

Cookies