HTML.. A base of any website.. Our next challenge is based on basic understanding of HTML.. Source code can reveal many important things which sometimes web developers neglect knowingly or unknowingly..
Site: HackThisSite (https://www.hackthissite.org)
Solution: Basic Missions > Basic Level 3
Challenge Description: This time Network Security Sam remembered to upload the password file, but there were deeper problems than that.
So our beloved Sam fixed previous problem this time. But little did he know that users can actually call the files directly and see the output if the validation is not proper. The problem here is that Sam actually uploaded the file, but his coding in the file is to output the password so that password compare script can compare the password in the file with the password entered by user..
As we can see in the source code, there is a file "password.php", this is the file which contains the unencrypted password. Password script will call this file for the password value and compare the result with the value entered by the user.. Well, user can also call the file directly to see what it does.. So let's try that..
Well, the password file just gave it away easily.. Password is: 47442112