Ringzero - Java Script - Client side validation is bad!

Objective

Get the flag

Solution:

So the first thing I did here was check the source code to see if I could find the user/pass validation. I found this section:

    <script>
        // Look's like weak JavaScript auth script :)
        $(".c_submit").click(function(event) {
            event.preventDefault()
            var u = $("#cuser").val();
            var p = $("#cpass").val();
            if(u == "admin" && p == String.fromCharCode(74,97,118,97,83,99,114,105,112,116,73,115,83,101,99,117,114,101)) {
                if(document.location.href.indexOf("?p=") == -1) {
                    document.location = document.location.href + "?p=" + p;
                }
            } else {
                $("#cresponse").html("<div class='alert alert-danger'>Wrong password sorry.</div>");
            }
        });
    </script>

So here is a script that checks to see if the user name is admin and the password equals a c
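The comparison in the script above, as an added example that is not part of the original post: a small Node.js review helper that finds `String.fromCharCode(...)` literals in client-side script and reports what they decode to, since a value shipped to the browser this way is readable by every visitor. The function names and the second sample script are constructed for illustration.

```javascript
// Added example: review helper for client-side scripts (hypothetical names).
// Finds String.fromCharCode(...) calls with literal numeric arguments and
// reports the decoded text, flagging calls used in an equality comparison.

const CHARCODE_CALL = /String\.fromCharCode\(\s*((?:\d+\s*,\s*)*\d+)\s*\)/g;

function findCharCodeLiterals(source) {
  const findings = [];
  for (const match of source.matchAll(CHARCODE_CALL)) {
    const codes = match[1].split(",").map((n) => Number(n.trim()));
    // Text immediately before the call, to see whether it is being compared.
    const before = source.slice(Math.max(0, match.index - 12), match.index);
    findings.push({
      offset: match.index,
      decoded: String.fromCharCode(...codes),
      inComparison: /[=!]==?\s*$/.test(before),
    });
  }
  return findings;
}

// The comparison from the page's script, embedded so the example runs offline.
const pageScript = `
if(u == "admin" && p == String.fromCharCode(74,97,118,97,83,99,114,105,112,116,73,115,83,101,99,117,114,101)) {
  document.location = document.location.href + "?p=" + p;
}`;

// Constructed sample: a char-code literal that is not compared to anything.
const benignScript = `var nl = String.fromCharCode(13, 10);`;

function report(name, source) {
  // JSON.stringify escapes control characters in the decoded text.
  return findCharCodeLiterals(source).map(
    (f) =>
      `${name}@${f.offset}: ${JSON.stringify(f.decoded)}` +
      (f.inComparison ? " (compared against a value: move this check server-side)" : "")
  );
}

console.log(report("page", pageScript).concat(report("benign", benignScript)).join("\n"));
```

A finding with `inComparison` set means the script is checking input against a value the browser already holds, so the check has to be repeated on the server to mean anything.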