Javascript Mission 1: Both Win and Fail

Learn the basics of how to exploit JavaScript.

Javascript Mission 1: Both Win and Fail

Post by SilenceSpeaks on Wed Jul 18, 2012 8:11 pm
([msg=68158]see Javascript Mission 1: Both Win and Fail[/msg])

For some reason, when I entered the pastry-that-is-the-password, I got an alert saying "Win" and then I got another alert saying "Fail" after I click "ok" on the "Win" alert? Why does this happen?
SilenceSpeaks
New User
New User
 
Posts: 1
Joined: Wed Jul 18, 2012 8:07 pm
Blog: View Blog (0)


Re: Javascript Mission 1: Both Win and Fail

Post by limdis on Wed Jul 18, 2012 9:59 pm
([msg=68159]see Re: Javascript Mission 1: Both Win and Fail[/msg])

I checked the mission and it works fine. PM me what you did.
(you will need to post 1 more time to do so though, min of 2)
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1388
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Javascript Mission 1: Both Win and Fail

Post by Acidiferous on Fri Jul 20, 2012 5:34 am
([msg=68185]see Re: Javascript Mission 1: Both Win and Fail[/msg])

I have testet this in IE and it worked, but when i enabled compatibility mode in IE i got the same error as you. Do you have compatibility mode enabled?

[Edit]

I testet it a little more and it's not a compatibility mode error.

It happens when you complete the mission two times in a row.
Did it in IE, IE with compatibility mode enabled and Firefox, they all did the same.

[Edit]

(Replaced the password with qwerty)

Code: Select all
function check(x)
{
        if (x == "qwerty")
        {
                        alert("win!");
                        window.location += "?lvl_password="+x;
        } else {
                        alert("Fail D:");
   }
}


It is the:

window.location += "?lvl_password="+x;

So when you completet it twice it will be:
Code: Select all
http://www.hackthissite.org/missions/javascript/1/?lvl_password=qwerty?lvl_password=qwerty

And so on :)

And instead of printing: Congratulations, you have completed this challenge.

It prints: <script language="Javascript"> alert("Fail D:"); </script>

Atleast that's what i think. Can we see the server side? ;)
Acidiferous
Experienced User
Experienced User
 
Posts: 61
Joined: Tue Mar 29, 2011 9:49 am
Location: Europe
Blog: View Blog (0)



Return to Javascript

Who is online

Users browsing this forum: No registered users and 0 guests

cron