Saturday, 17 October 2015

Solution: CanYouHackIt - Logic Challenge 3

Leave a Comment

Ok, so here we go with the logic challenge no. 3 from CanYouHackIt.. It is pretty simple thought.. It was a problem or you can say easy vulnerability back in days when people weren't used to use server side scripting languages.. HTML just came into the picture and people were thrilled to use it, but some of them actually forgot the basic element that HTML is a client side mark-up language and not server side.. So, this challenge is based on that vulnerability.. It is fun though.. The method can be helpful in many other ways..

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Logic > Logic Challenge 3 > The thing you thought was really cool back when you were still a noob


Basic understanding is that HTML client side output can also reveal so many important things.. Like, directories being used to get js/css/other script files.. File which is being called for the POST/GET methods of the Login/Registration/Form pages.etc.. I hope you got what I wanted to convey..

So, if we think about this challenge, it clearly says "What do you mean you don't know. The password is right here.".. Hmmm.. Looks like it is hidden in the plain site... So you can open up the source code of the visible html output on your browser by either Right Click > View Source or shortcut key Ctrl+U... Let's see what we can find with this in our little challenge..


And there it is.. Written in the commented line --> <!-- Password is htmlcomment -->
So we got our password...


Hope you liked it.. :)
If You Enjoyed This, Take 5 Seconds To Share It

0 comments:

Post a Comment