hackthissite.org basic 4 :: email to admin
by Arxleol on Wednesday 24.06.2009, under hackthissite.org, tutorial
In fourth basic mission on hackthissite.org we will examine HTML documents further.
Mission starts with comment:
An email script has been set up, which sends the password to the administrator. Requirements: HTML knowledge, an email address
Now when you open mission text is as following:
This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script:
If you try to click on button send email to Sam if you click on this button it will only return to you that password was sent. Now what you have to do is to check HTML script and see what’s hidden there.
If you inspect script you will find the following part of code:
<input name="to" type="hidden" value="webmaster@hulla-balloo.com" />
Let’s explain what this part means in fact. Hidden fields are used to store values as in this example this hidden value contains email of SAM.
Next step is to download script if you see source just copy it and then create file on your computer with extension html now open this file with any text editor and paste source code in file. After this find hidden field again and change email to some other value.
To continue open file in your browser and click again on the send email to Sam button and you will see password for this mission: 75fe820e
