Javascript Mission 4

Learn the basics of how to exploit JavaScript.

Re: Javascript Mission 4

Post by Starman11 on Fri Jul 29, 2016 1:31 pm
([msg=92683]see Re: Javascript Mission 4[/msg])

Just finished this level, I see why you all feel like idiots. I don't wish to spoil it for the users who haven't completed this level yet, but I would like to offer a hint: the password length is terrible, also, there is some "hidden" code. I'll shut up now :D
Starman11
Experienced User
Experienced User
 
Posts: 60
Joined: Wed Jul 27, 2016 9:07 am
Blog: View Blog (0)


Re: Javascript Mission 4

Post by FapperJack on Sun Jul 22, 2018 8:32 am
([msg=96012]see Re: Javascript Mission 4[/msg])

Bahaha, this mission reminds me of a cruel but similar prank we used to play on each other back in college.
This time I fell for it :roll:
FapperJack
New User
New User
 
Posts: 1
Joined: Sun Jul 22, 2018 8:30 am
Blog: View Blog (0)


Re: Javascript Mission 4

Post by JACKYNAUTIYAL on Wed Jan 23, 2019 5:33 am
([msg=97213]see Re: Javascript Mission 4[/msg])

GOT THIS SCRIPT:

<script language="Javascript"> RawrRawr = "moo";
function check(x)
{
"+RawrRawr+" == "hack_this_site"
if (x == ""+RawrRawr+"")
{
alert("Rawr! win!");
window.location = "../../../missions/javascript/4/?lvl_password="+x;
} else {
alert("Rawr, nope, try again!");
}
}

</script>
====================
This is the most cunning part, it misleads us.For people like you and me when we take a quick glance we see our password is compared with ""+RawrRawr+"" and more over in the above line this is written:
"+RawrRawr+" == "hack_this_site"
this is enough to mislead.If you watch it closely actually x is not compared with +RawrRawr+ more over its compared with RawrRawr in the start and end "" is added with it but "" is null so we only need value of RawrRawr and you can clearly see the value in the script itself.!
JACKYNAUTIYAL
New User
New User
 
Posts: 14
Joined: Mon Jan 21, 2019 1:22 am
Blog: View Blog (0)


Previous

Return to Javascript

Who is online

Users browsing this forum: No registered users and 0 guests