HackThisSite: Basic 03

22 August 2014 by Antonio Vázquez Blanco


hackthissitelogo

HackThisSite basic challenge number three. I hope someone likes trying to solve this challenges and enjoys learning basic tricks of computer security. If you have any doubts about why things work like that just ask in the comments section!

Requisites

I understand that you know some basics about programming and that you know what PHP is from the previous challenge. In adition to that you should try to understand how the user can send information to a PHP page. HTML forms should be familiar to you.

Solution

As always look for information in the page source...

The form contains sensible information...

The form points to a password.php file...

Append "password.php" to the current path and that page will return you the level password.

Thoughts

I've already talked about uploading sensible information to webpages. Google is a very good friend for finding vulnerable sites with sensible information. As always you can find more about this in the Google Hack Database in the Exploit Database webpage.


comments powered by Disqus