Category: Tips

HTS Basic Web 4: Alter the Hidden Fields

In the fourth basic web mission, Network Security Sam apparently hasn't learnt anything from his prior mistake. In the third basic web mission, we extracted information from hidden form fields and thereby found out the name of a password file. The procedure is essentially the same in this mission. As usual, check the source code first. These snippets have been formatted for easier reading:


As you can see, this level contains two forms. The upper one is the Send password to Sam button, and the lower one is the password field. You should already have noticed the highly suspicious hidden field in the upper form. Its purpose is obvious: it supplies the email address that the password will be emailed to. Merely knowing this address gets you nothing (unless you managed to compromise the hulla-balloo.com mail server). Therefore, you should alter the field to contain your email address instead of Sam's: the server trusts whatever value the browser sends, and the browser is under your control.

To put your own address into the hidden field, create a local copy of the form. In your copy, either change webmaster to your own email address, or change type="hidden" to type="text". The former changes the address automatically, while the latter lets you type in any address before submitting.

If you are pedantic and want your local version to validate, use the following code.

Remember to change the form's action from a relative URL to an absolute one (http://hackthissite.org/missions/basic/4/level4.php instead of /missions/basic/4/level4.php), since your local copy is not served from hackthissite.org and a relative action would point at your own disk. Save the file as e.g. hackthissite.htm, then open it in your web browser.
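The whole mission reduced to a few lines, as an added example that is not code from the original post or from HackThisSite: it models the password-reminder form to show why a hidden field is attacker-controlled, and sets the trusting handler beside one that keeps the recipient on the server. The field name "to", the addresses, the password value and both handlers are assumptions for illustration.

```javascript
// Added example, not code from the original post or from HackThisSite.
// It models the mission's password-reminder form to show why a hidden
// field is attacker-controlled. The field name "to", the addresses, the
// password value and both handlers are assumptions for illustration.

// Hidden field of the upper form as the post describes it: the recipient.
// The post says the value is Sam's "webmaster" address at hulla-balloo.com.
const ORIGINAL_FORM = { to: 'webmaster@hulla-balloo.com' };

// Constructed stand-in for the password level4.php would mail out.
const SECRET_PASSWORD = 'constructed-example-password';

// Encode fields the way a browser does for application/x-www-form-urlencoded.
function encodeForm(fields) {
  return new URLSearchParams(fields).toString();
}

// Decode a request body the way a server-side handler sees it.
function decodeForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// The post's "local copy" trick, reduced to its essence: type="hidden" only
// hides the input from the rendering, not from whoever submits the form.
function tamperHiddenField(fields, name, value) {
  return { ...fields, [name]: value };
}

// Vulnerable handler: mails the password to whatever address arrived.
function vulnerableHandler(body) {
  const form = decodeForm(body);
  return { sentTo: form.to, password: SECRET_PASSWORD };
}

// Hardened handler: the recipient is fixed on the server. A "to" field in
// the request is parsed like everything else but never consulted.
const FIXED_RECIPIENT = 'webmaster@hulla-balloo.com';
function hardenedHandler(body) {
  const form = decodeForm(body);
  return { sentTo: FIXED_RECIPIENT, ignoredField: form.to, password: SECRET_PASSWORD };
}

// Run the attack end to end against both handlers.
function runAttack(attackerEmail) {
  const tampered = tamperHiddenField(ORIGINAL_FORM, 'to', attackerEmail);
  const body = encodeForm(tampered);
  return {
    body, // what the browser POSTs; identical whether typed or hidden
    vulnerableSentTo: vulnerableHandler(body).sentTo,
    hardenedSentTo: hardenedHandler(body).sentTo,
  };
}

console.log(runAttack('me@example.org'));
```

Whether you edit the value in a saved copy, flip the input to type="text", or build the body by hand, the bytes that reach level4.php are the same; only the handler's choice of where the recipient comes from decides who gets the mail.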

How To Restrict Editing by Non-Logged-In Users in MediaWiki

If you administer a MediaWiki wiki, you've probably come across wiki spam. There is a quite simple way of fixing this. Just edit the file LocalSettings.php in the root directory and add the following line at the bottom (or anywhere else):

$wgGroupPermissions['*']['edit'] = false;

This removes the edit permission from users who have not logged in; logged-in users keep it, because the user group grants edit on its own and a user's permissions are the union of all their groups' permissions. If a guest tries to edit, they will be prompted to log in. Since you would no longer be able to edit using only your IP address as a signature, adding the following line might be desired too:

$wgShowIPinHeader = false;

Doing so removes the IP address from the header for non-logged-in users (logged-in users wouldn't see it anyway). Happy wikiing.

Google Evaluation Rating Projects

Is Google leaking referer HTTP fields? I just saw this line in Timblog's referer log:

https://www.google.com/evaluation/search/rating/task-edit?task=43299718

Trying to access the page was fruitless, and so was trying to access https://www.google.com/evaluation/search/rating/ and https://www.google.com/evaluation/search/: both resulted in a simple page saying nothing but Not Found Error 404. I tried yet another level down: https://www.google.com/evaluation/ gave me a 403 Forbidden error:

Forbidden

The user XXXXXX@XXXX.XX is not a member of EWOQ. Please contact the ratingprojects@google.com for access.

My Google account's email address was there. I've got no idea what this is. At least that Google worker (?) was using Firefox.

FireStats 1.3.0 Beta Out: Search Terms Statistics

A while ago, I posted about using FireStats for MediaWiki statistics. For some weeks now, I've been using FireStats for tracking statistics on this WordPress blog, too. This is by far the best statistics plugin that I have ever seen. You can find out most things about your visitors' patterns through a nice AJAX interface. Also, it doesn't use any JavaScript against visitors, which wins it a lot of points in my eyes.

Recently, the beta for FireStats 1.3.0 was released with a long-awaited feature: recording of search engine keywords. 1.3.0-beta contained a database upgrade, so I backed up the FireStats tables before upgrading, although the backup failed due to a PHP memory limit. I took a deep breath and upgraded anyway, and it turned out perfectly after a couple of minutes of database upgrading. To my delight, the keywords had been automatically extracted from the pre-1.3.0 hits.

The only feature that FireStats lacks before I'll call it a full-fledged statistics system is graphs. I'm sure this is a high-priority trac ticket somewhere.

Thanks for FireStats, Omry Yadan.

WordPress Plugin: The Holy Blog

Tired of your old, boring blog? Are all its plugins just plain lame? Does it lack a divine touch? Then The Holy Blog is just what you need! (Holy Book, get the pun? Haha.) The Holy Blog appends a random Bible verse on every page in your blog. Here are some of the features:

  • Verse cache for saving bandwidth and processing time
  • Fully customizable CSS
  • Choose verse update frequency
  • Verse statistics
  • Valid HTML/XHTML
  • Random verse fetched from the ESV

Download and Install

Here, you can download The Holy Blog 1.1. Unzip it and upload the-holy-bible.php to your plugin directory, wp-content/plugins/. Now, you just have to go to the plugin tab in your administration panel and activate the plugin. To change the default settings, go to the options page conveniently located under Options.

Changelog

  • 2006-07-26, version 1.1:
    • Options page
    • Current verse in options page
    • Verse statistics
    • Next-verse countdown
    • Custom CSS
    • Resetable CSS
    • Variable update frequency
    • Update now-option
  • 2006-07-26, Version 1.0
    • Initial release


WordPress Plugin: CurMusic

CurMusic adds two additional fields to every post, artist and song. You can use them to show your readers what you were listening to when you wrote the post. The information is shown by adding a PHP function to the theme. The style of the artist/song string can be customized through the option page.

Download and Install

  • Download CurMusic 1.0.
  • Unzip the file, upload it to your plugin directory (/wp-content/plugins/) and activate the plugin in the Plugins tab.
  • Edit your theme (Presentation -> Theme Editor) and add this where you want the music announcement to be: <?php echo_curmusic(); ?>. Note that you should know the difference between HTML and PHP before doing this. If you don't, feel free to ask in a comment.

Todo

  • Music statistics
  • Mass-management of songs and artists
  • Overview of songs and artists

Changelog

  • 2006-10-17, version 1.0:
    • Initial release

Calculating Pi in TI Basic Using the Leibniz Formula

Got nothing to do during math class? Then let your calculator calculate Pi! The Leibniz formula states that:

Pi/4 = 1/1 – 1/3 + 1/5 – 1/7 + 1/9 – …

This is how to do it on your TI calculator, nicely formatted. Each pass through the loop adds the term (-1)^N / (2N+1) to P and displays 4P, the current approximation of Pi.

: 0 -> N
: 0 -> P
: ClrHome
: Output( 1, 1, "STEP " )
: Output( 2, 3, "PI= " )
: While 1
: 1 / ( (-1)^N(2N+1) ) + P -> P
: Output( 1, 6, N )
: Output( 2, 6, 4P )
: N + 1 -> N
: End

Note that this is a very poor way of calculating Pi, especially on a calculator, since it needs an enormous number of terms to reach accurate values: the error after N terms is roughly 1/N, so on the order of 10,000,000,000 loop iterations are required to get just ten correct decimals.
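The same series in Python, as an added example that is not part of the original post, together with the alternating-series error bound that makes the slow convergence quantitative: from the bound you can compute, before running anything, how many terms guarantee a given number of decimals. The function names are mine; the guaranteed count the bound gives (4·10^10 terms for ten decimals) is a few times the order-of-magnitude figure quoted above, because the bound is loose by about a factor of two.

```python
# Added example, not part of the original post: the Leibniz series in Python
# plus the standard alternating-series error bound. Function names are mine.
import math


def leibniz_pi(n_terms: int) -> float:
    """4 times the partial sum of the Leibniz series after n_terms terms.

    Term n is (-1)^n / (2n+1), exactly what the TI program adds to P on each
    pass through its loop; 4P is what it prints on the second row.
    """
    total = 0.0
    for n in range(n_terms):
        total += (-1) ** n / (2 * n + 1)
    return 4 * total


def error_bound(n_terms: int) -> float:
    """Guaranteed upper bound on |pi - leibniz_pi(n_terms)|.

    For an alternating series whose terms decrease to zero, the truncation
    error is at most the first omitted term; scaled by 4 that is 4/(2n+1).
    The true error is close to 1/n, so the bound is loose by about a factor 2.
    """
    return 4 / (2 * n_terms + 1)


def terms_for_decimals(decimals: int) -> int:
    """Smallest n for which error_bound(n) guarantees `decimals` correct decimals.

    "Correct to d decimals" means an error below 0.5 * 10^-d. Solved in
    integers to avoid floating-point edge cases:
        4/(2n+1) < 1/(2*10^d)  <=>  2n+1 > 8*10^d  <=>  n >= 4*10^d.
    """
    return (8 * 10 ** decimals - 1) // 2 + 1


if __name__ == "__main__":
    for n in (10, 100, 1000, 10_000):
        approx = leibniz_pi(n)
        print(f"{n:>6} terms: {approx:.10f}  "
              f"error={abs(math.pi - approx):.2e}  bound={error_bound(n):.2e}")
    print("terms needed for 10 correct decimals:", terms_for_decimals(10))
```

Running it shows the error shrinking by one decimal place for every tenfold increase in terms, which is why a calculator looping at a few hundred iterations per second never gets past three or four decimals.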

Haiku #35: Consoles Reviewed

First came three-sixty
Hot like burning Dell laptops
Green, mutated X

Then PlayStation 3
2^8 kilogram apples
I could buy for that

Enter saviour, Wii
Nunchuck and Twilight Princess
Wii Move You my heart

I'll probably wait for Super Smash Bros for Wii before buying the wonderful console anyway, but I'm still biased. Who would not be happy with a near-wireless Nunchuk?

This post was written as part of ProBlogger's group-writing project on reviews and predictions.

WordPress Plugin: Favicon Head

Favicon Head is a simple way to automatically include correct tags for linking to your favicon in the head of every page in your blog. No file editing is required, you only have to upload the file to the plugin directory and activate it. The default favicon location is favicon.ico, but can be changed through the options page.

Features:

  • Animated favicon support
  • Custom favicon location
  • Works in WordPress 1.5 and 2

Download and Install

  • Download Favicon Head 1.1.
  • Unzip the file and upload it to wp-content/plugins/.
  • Click the Plugins tab in the WP admin panel and activate Favicon Head.
  • Go to the Options tab and click the Favicon Head sub-page in order to change the favicon location from /favicon.ico.

Changelog

  • 2006-11-21, version 1.1:
    • Animated favicon support added (patch by pp)
  • 2006-08-21, version 1.0:
    • Initial release