Help needed hacking

Discuss the many weaknesses of browser security and ways to mitigate the threat

Help needed hacking

Post by optimusinc on Mon Jul 29, 2013 10:32 am
([msg=76670]see Help needed hacking[/msg])

Hey,
I recently attended a hacking competition but was unable to crack this problem.It is actually a fake student login system which they hosted in a local server.I've got to hack and return the details.I was unable to crack this and also I'm a noob at this.

Code: Select all
            function submitData(){
                document.getElementById('txtSN').value=document.getElementById('txtRegNumber').value;
                document.getElementById('txtPD').value=document.getElementById('txtPwd').value;
                if(document.getElementById('txtSN').value == '' || document.getElementById('txtSN').length == 0) {
                    alert(' Please Enter Student Register No/Studen ID');
                    document.getElementById('txtSN').focus();
                    return false;
                }

                if(document.getElementById('txtPD').value == '' || document.getElementById('txtPD').length == 0) {
                    alert(' Please Enter Password');
                    document.getElementById('txtPD').focus();
                    return false;
                }

                document.getElementById('txtPA').value=1;
                document.getElementById('txtRegNumber').value="wishyousuccessfullhack";
                document.getElementById('frmStudentMain').action="youLogin.jsp";
                document.getElementById('frmStudentMain').submit();
}


The submitForm data is above.
optimusinc
New User
New User
 
Posts: 1
Joined: Mon Jul 29, 2013 10:26 am
Blog: View Blog (0)


Re: Help needed hacking

Post by Tentra on Tue Jul 30, 2013 12:16 am
([msg=76677]see Re: Help needed hacking[/msg])

I don't think the source really says anything useful, it's just moving data between variables and checking for input then passing everything to youLogin.jsp. I would assume you don't have the source to that as it would likely be running on the "login server".

Can you provide any additional information? The rest of the Javascript, perhaps?
User avatar
Tentra
Poster
Poster
 
Posts: 157
Joined: Wed Apr 30, 2008 4:52 pm
Blog: View Blog (0)


Re: Help needed hacking

Post by DrRoach on Tue Sep 03, 2013 2:01 pm
([msg=77235]see Re: Help needed hacking[/msg])

I'm useless when it comes to hacking but I suspect that you can use ' to add your own code as theirs doesn't seem to be sanitized. I may be completely wrong though because like I said I'm awful at hacking.
DrRoach
Poster
Poster
 
Posts: 151
Joined: Fri Feb 22, 2013 6:53 pm
Blog: View Blog (0)


Re: Help needed hacking

Post by Goatboy on Tue Sep 03, 2013 10:31 pm
([msg=77238]see Re: Help needed hacking[/msg])

DrRoach wrote:I suspect that you can use ' to add your own code as theirs doesn't seem to be sanitized.

Yeeeaaaaa... You should go read up on SQL injection. Blindly throwing apostrophes around won't get you too far.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2752
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Help needed hacking

Post by tgoe on Tue Sep 03, 2013 11:21 pm
([msg=77239]see Re: Help needed hacking[/msg])

And post the results of trying to login with javascript disabled.
User avatar
tgoe
Contributor
Contributor
 
Posts: 621
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests