Problem w/ Missions

Learn the basics of how to exploit JavaScript.

Problem w/ Missions

Post by sanddbox on Sat Jul 04, 2009 5:31 pm
([msg=26232]see Problem w/ Missions[/msg])

Hi I was doing some challenges today and stumbled across a little cheat you can do to finish missions without really doing them. Since for some reason I can't send a PM, my question is is there any way to fix it? (Since I can't reveal spoilers you guys kinda have to guess).

The problem is with any challenges (which is most) with this line (here's an example for javascript mission 4):

window.location = "../../../missions/javascript/4/?lvl_password="+x;

I'm not gonna explain how, but if you think about it there is a way to make it go to the site no matter what, which ruins the whole point of doing the challenges.

By the way: If you live without a purpose, then you will die without a legacy.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Problem w/ Missions

Post by Tentra on Sat Jul 04, 2009 5:50 pm
([msg=26235]see Re: Problem w/ Missions[/msg])

I have no idea what your saying, but if you think you found a bug, submit a bug report.
User avatar
Tentra
Poster
Poster
 
Posts: 161
Joined: Wed Apr 30, 2008 4:52 pm
Blog: View Blog (0)


Re: Problem w/ Missions

Post by sanddbox on Sun Jul 05, 2009 1:37 am
([msg=26249]see Re: Problem w/ Missions[/msg])

Well I'm not really sure there is a way to fix it. Look at that line. Here's a hint: window.location = "../../../missions/javascript/4/?lvl_password="+x;

If you still don't get it I wrote the answer in black. highlight it to see.

For example, in level 4 the password is moo, and it checks if x (the value you entered) is the same as moo (the password), then it refers you to
window.location = "../../../missions/javascript/4/?lvl_password="+x; whereas if you substituted that for
window.location = "../../../missions/javascript/4/?lvl_password="+moo; it will input the password for you and solve it, which can be done for most of the missions, effectively ruining the challenge.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Problem w/ Missions

Post by mischief on Sun Jul 05, 2009 2:47 am
([msg=26250]see Re: Problem w/ Missions[/msg])

how does that ruin the mission? the point IS to find the password, and run the password through the password checking script while being logged in, which gives you the credit to your account.

how is this in any way more than that? so what if you use javascript to do it. you could just as easily write your own web browser and solve the missions and the server could care less.
The whole secret of existence is to have no fear. Never fear what will become of you, depend on no one. Only the moment you reject all help are you freed.
--Buddha
User avatar
mischief
Poster
Poster
 
Posts: 355
Joined: Wed Jan 07, 2009 4:16 pm
Blog: View Blog (0)


Re: Problem w/ Missions

Post by sanddbox on Sun Jul 05, 2009 2:03 pm
([msg=26260]see Re: Problem w/ Missions[/msg])

Because you don't have to find any holes in the code. You can just use that to solve every mission. Explained more in black (highlight):

In the case I'm using, (javascript mission 4), moo is the variable that holds the password. So it will enter in the password for you.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)



Return to Javascript

Who is online

Users browsing this forum: No registered users and 0 guests

cron