Javascript Mission 4 (bug?)

Learn the basics of how to exploit JavaScript.

Javascript Mission 4 (bug?)

Post by TheGuyWhoGotOn on Wed Jun 25, 2008 3:03 pm
([msg=5749]see Javascript Mission 4 (bug?)[/msg])

If you change the javascript in Firebug to:

Code: Select all
function check(x)
{
"+RawrRawr+" == "hack_this_site"
if (x == "hi")
{
alert("Rawr! win!");
window.location = "../../../missions/javascript/4/?lvl_password="+x;
} else {
alert("Rawr, nope, try again!");
}
}


So you can run it on the site...It says you win but you get nothing for it...
TheGuyWhoGotOn
New User
New User
 
Posts: 2
Joined: Wed Jun 25, 2008 3:01 pm
Blog: View Blog (0)


Re: Javascript Mission 4 (bug?)

Post by mutants_r_us_guild on Wed Jun 25, 2008 4:04 pm
([msg=5750]see Re: Javascript Mission 4 (bug?)[/msg])

that is because all you did is change the function to read the word hi as the correct pass... it does this, displays the correct alert box, however it redirects you to ?level_password=x. x being the value you changed in firebug.... which is now hi. this is incorrect, therefor you have not completed the mission... the trick to these missions is to use alert boxes to beat them... while a human may look at something and miss something... a computer will not. find the part of the function that checks if the value of x is correct. then look for the value it wants...
Image
Image
Image
User avatar
mutants_r_us_guild
Poster
Poster
 
Posts: 246
Joined: Fri May 30, 2008 7:56 pm
Blog: View Blog (0)


Re: Javascript Mission 4 (bug?)

Post by TheGuyWhoGotOn on Thu Jun 26, 2008 9:55 am
([msg=5815]see Re: Javascript Mission 4 (bug?)[/msg])

mutants_r_us_guild wrote:that is because all you did is change the function to read the word hi as the correct pass... it does this, displays the correct alert box, however it redirects you to ?level_password=x. x being the value you changed in firebug.... which is now hi. this is incorrect, therefor you have not completed the mission... the trick to these missions is to use alert boxes to beat them... while a human may look at something and miss something... a computer will not. find the part of the function that checks if the value of x is correct. then look for the value it wants...



If I go to any other site and do this it may go to "sdfe.php" if I get the hidden password in another file. Now if I change the password I need and type that in I still get to sdfe.php.

I've done all the Javascript missions except 3 and 4 the other ones are really easy.
TheGuyWhoGotOn
New User
New User
 
Posts: 2
Joined: Wed Jun 25, 2008 3:01 pm
Blog: View Blog (0)



Return to Javascript

Who is online

Users browsing this forum: No registered users and 0 guests

cron