HackQuest: JavaScript: It’s simple if you see it
As the name implies, it’s simple if you see it (if you don’t, your intelligence isn’t something to brag about).
Name: It’s simple if you see it.
Place: Reston, USA
Target: CyberTecCyberTec was a consulting company that helped MicroWorld produce better software in less time.
As with the previous challenge, start by viewing the source and find the form. This time, they put a nice table in it.
48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 | <form name="form" action="" method="post">
Username <input id="Eingabefeld2" type="TEXT" name=
"Name" value="" size="30" maxlength="30"><br>
Password <input id="Eingabefeld1" type="TEXT"
name="Password" value="" size="30" maxlength="30">
<table border="0">
<tr>
<td>
<input type="BUTTON" name=
"Schaltflächen1" value="Enter Site" id=
"Schaltflaechen1" onclick=
"Spikeman_password(this.form)">
</td>
</tr>
</table>
</form> |
This time, the onclick action calls the function Spikeman_password, sending the relevant form as an argument. Searching for the spikeman_password function, we find that it is almost as simple as the previous password verification function, only with a username added:
31 32 33 34 35 36 37 38 39 40 41 42 | <!----- Script CopyRight © 1996 - 1997 S.Chris Brown (Spikeman) function Spikeman_password(form) { if (form.Name.value=="Gates") { if (form.Password.value=="moneymoneymoney") { window.open ("yes.php","_self") } else { alert("Sorry " +form.Name.value+ ", wrong password.") } } else { alert("Invalid Name") } } |
The function checks whether or not the username equals “Gates” and the password equals “moneymoneymoney”. Enter those values, and the mission is accomplished.
A thought: Why wasn’t this password field a real password field, i.e. with the input hidden?
Använder FireStats