HackThisSite: Basic 04

05 February 2015 by Antonio Vázquez Blanco



Basic challenge four is another variation on the same story as challenge number 3. If you reached this level you should have realised that you have very little information to play with. This reduces the problem to a simple analysis of the three or four lines of HTML that you are given.

Requisites

You should know what an HTML form is. If you reached this level you should be able to complete it. If you want to know more I encourage you to try to build a test page with a form.

Solution

As always look for information in the page source...

The form contains hidden fields...

The form points to an email address...

Modify the form in order to make the script send you the information.

Thoughts

It is quite common to find hidden fields in forms, and when pentesting a webpage it is important to check these fields for information and weak spots. It is common to find hidden fields without proper sanitization when visible fields are sanitized. In some cases this can be used for SQL injection attacks!
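From the server's side, the weak spot is a handler that trusts whatever the hidden field contains. The sketch below is an added example, not code from the challenge: it puts such a handler next to one that only accepts a hidden value carrying a valid HMAC tag. The field name `to`, the addresses, the key and the function names are all assumptions made for illustration. Where the value never needs to leave the server, keeping it in server-side configuration is simpler still.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

SECRET_KEY = b"constructed-demo-key"   # assumption: per-deployment server secret
ADMIN_EMAIL = "admin@example.test"     # constructed address


def sign(value: str) -> str:
    """Return 'value.tag', where tag is HMAC-SHA256 over the value."""
    tag = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def recipient_vulnerable(body: str) -> str:
    """Trusts the hidden 'to' field as-is: the client picks the recipient."""
    return parse_qs(body)["to"][0]


def recipient_hardened(body: str):
    """Return the hidden value only if its tag verifies, otherwise None."""
    token = parse_qs(body).get("to", [""])[0]
    value, _, tag = token.rpartition(".")
    expected = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes in constant time; non-ASCII input must not raise.
    if not value or not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return value


# Constructed POST bodies, as a browser would send them.
edited_plain = urlencode({"to": "someone-else@example.test"})
honest_signed = urlencode({"to": sign(ADMIN_EMAIL)})
# Edited form: new address, tag copied from the page the server rendered.
old_tag = sign(ADMIN_EMAIL).rpartition(".")[2]
edited_signed = urlencode({"to": f"someone-else@example.test.{old_tag}"})

if __name__ == "__main__":
    print("vulnerable, edited form:", recipient_vulnerable(edited_plain))
    print("hardened, untouched form:", recipient_hardened(honest_signed))
    print("hardened, edited form:", recipient_hardened(edited_signed))
```

The tag only proves the value was issued by the server; it does not hide the value, so anything secret still belongs on the server and not in the form.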

