Hack This Site: Basic Mission 3

Basic Level 3: Deeper Problems

This time Network Security Sam remembered to upload the password file, but there were deeper problems than that.

Now, the password file is there. The deeper problem is that the source code exposes where the password file is stored.

<form action=”/missions/basic/3/index.php“method=”post“> <input type=”hidden“ name=”file“ value=”password.php” /><input type=”password“ name=”password” /><br /><br /><input type=”submit“ value=”submit” /></form>

Can you see the password file where the password is stored. Access the file through your browser, by typing out the address in your browser navigation bar. And if you are still wondering about the path of the file, then I suggest you read about absolute and relative URLs.

Here we don’t have an absolute URL, we have a relative URL.

What You Learnt

It is dangerous to save passwords in HTML files. Though PHP code in PHP files are not displayed in the source code, yet storing passwords in PHP files doesn’t eliminate the dangers completely. In this mission, the password was simply in the PHP file and not in any code.

Don’t make this error while designing your password validating PHP files!

Technorati Tags: games, Hacks, hackthissite, internet, Web