Thursday, June 20, 2013 Basic Challenge 3 | Shivang Desai

Hi guys,

I am enjoying a lot and here's the third challenge.
In this post I will show what I tried and how I solved.

The challenge says "This time Network Security Sam remembered to upload the password file, but there were deeper problems than that."

I wrote about this password file logic in previous post. (click here to have a look at previous blog)

Now we had a file from where our password (user entered password) was going to be compared.

How I solved it ?

First I looked at the "page source" , there was no direct clue but a hidden field with value as "password.php".
This was the main thing to be noticed.

At the first glance, I was a little bit confused and knew that php is server side so there is nothing to be found in "page source".

So what I did was that I googled "Top vulnerabilities in php". It was a blind shot but believe me, sometimes common sense really works.

I found a vulnerability named "Reveal Source Code". As soon as I read this line, I remembered a thing which I faced while making my own website.
The logic was such that you can't see the php code in "page source" as it is server side. But if you know the name of the php file then you can directly view it with address bar.

So here's the shot -
I knew from hidden value that php file was "password.php" and very time I came across this link ""
so I tried the same with password.php instead of index.php

AND TADAAA....! I got the password


Finally, just copy pasted it and challenge-3 was solved.

Enjoy... I hope this post could be helpful to someone needy. :-)

No comments:

Post a Comment