Axino.net

hack-test.com 3 :: link colour

by Arxleol on Saturday 20.03.2010, under hack-test.com, javascript, tutorial

In the third hack-test mission we have to explore a JavaScript function once again, but this time it is a bit different: firstly because we don't have the exact string in the source, and secondly because I will introduce JavaScript injection.

As in the previous missions, you have probably found the following JavaScript function:

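function pass()
{
    var pw, Eingabe;                          // Eingabe = "input"
    // The expected password is read from a property of the page itself
    pw = window.document.alinkColor;
    Eingabe = prompt("Please enter password");
    if (Eingabe == pw)
    {
        // The target page name is built from character codes
        window.location.href = String.fromCharCode(97,98,114,97,101) + ".htm";
    }
    else
    {
        alert("Try again");
    }
}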

pw is compared to Eingabe, but notice that the value of pw is the colour string of the links on the current page. So what we will do is easy: we will enter an injection in the browser URL bar to get the colour string as output.

The JavaScript injection you have to insert is:

javascript:alert(window.document.alinkColor)

What this does is simple: it evaluates the very same property that assigned the value to pw and then outputs it in an alert window.

If you run it you will find that the password is #000000.
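The weakness here is that both the expected password and the destination page are shipped to the browser. As an added example (not part of the original post or of hack-test.com), here is a small review check for Node.js that flags this pattern in a script; SAMPLE is the function quoted above, and the helper names are hypothetical.

```javascript
// SAMPLE is the mission's pass() function as quoted in the post.
const SAMPLE = `function pass()
{
var pw, Eingabe;
pw=window.document.alinkColor;
Eingabe=prompt ("Please enter password");
if (Eingabe==pw)
{
window.location.href=String.fromCharCode(97,98,114,97,101)+".htm";
}
else
{
alert("Try again");
}
}`;

// Decode String.fromCharCode(...) calls whose arguments are all numeric literals.
function decodeCharCodes(src) {
  const re = /String\.fromCharCode\(\s*((?:\d+\s*,\s*)*\d+)\s*\)/g;
  return [...src.matchAll(re)].map((m) =>
    String.fromCharCode(...m[1].split(",").map(Number)));
}

// Find variables filled from a document property and then compared with a
// value returned by prompt(): such a "password" is readable by every visitor.
function findClientSideSecrets(src) {
  const fromDom = [...src.matchAll(/(\w+)\s*=\s*((?:window\.)?document\.\w+)\s*;/g)];
  const fromPrompt = [...src.matchAll(/(\w+)\s*=\s*prompt\s*\(/g)].map((m) => m[1]);
  const hits = [];
  for (const [, name, source] of fromDom) {
    for (const input of fromPrompt) {
      const cmp = new RegExp(
        `\\b(?:${input}\\s*===?\\s*${name}|${name}\\s*===?\\s*${input})\\b`);
      if (cmp.test(src)) hits.push({ secret: name, source, input });
    }
  }
  return hits;
}

// Combine both checks into one report for a script source string.
function audit(src) {
  return { secrets: findClientSideSecrets(src), decoded: decodeCharCodes(src) };
}

console.log(JSON.stringify(audit(SAMPLE), null, 2));
```

Any finding from this check means the comparison has to move to the server, because nothing the browser receives can serve as a secret.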
