White Hat Institute

“Defend the Web” write-up (Intro 11 / Javascript)

“Defend the Web” write-up (Intro 11 / Javascript - file direction vulnerability)

Let’s dive into the challenge. In this example, we will be exploiting the file direction vulnerability. First, try it yourself and see if you can find any interesting information by analyzing the page’s source code.


Press “CTRL+F” and search for the word “password”. If you can’t find anything interesting on this particular page, we can use a different method. Pay close attention to the URL: you’ll notice that we are on the “?input” page (view-source:https://defendtheweb.net/playground/intro11?input).


Let’s change it to the “?output” page (view-source:https://defendtheweb.net/playground/intro11?output) and hit “Enter.”

You can also just remove the word “?input” at the end of the URL (view-source:https://defendtheweb.net/playground/intro11) and then hit “Enter.”


Search for the word “password” and you might find some good information to pass the login page for the challenge.
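The search above succeeds because the expected password is delivered to the browser in one view of the page. As an added example (not code from the challenge or from this write-up), here is a check a site owner could run over the source each view delivers, flagging credential-like literals in inline scripts; the markup, the variable names and the literal are constructed sample input.

```javascript
// Constructed sample input: the source a server would deliver for two views
// of one page. The markup, names and the literal are made up for this example.
const deliveredViews = {
  "?input": `<form onsubmit="return check()">
  <input type="password" id="pw">
</form>
<script src="check.js"></script>`,
  "?output": `<script>
  // client-side check: the expected value ships to every visitor
  var password = "example-secret";
  function check() { return document.getElementById("pw").value == password; }
</script>`,
};

// Credential-like name assigned a string literal, e.g. password = "..." or pass: '...'
const SECRET_ASSIGNMENT =
  /\b(pass(?:word|wd)?|pwd|secret|api[_-]?key|token)\b\s*[:=]\s*(["'`])((?:\\.|(?!\2).)+)\2/gi;

// Return the bodies of inline <script> elements (src-only scripts have no body).
function inlineScripts(html) {
  const out = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (m[1].trim() !== "") out.push(m[1]);
  }
  return out;
}

// Scan every delivered view and report where a secret literal is exposed.
// "line" counts from the line holding the opening <script> tag; the value
// itself is not echoed, only its length.
function findExposedSecrets(views) {
  const findings = [];
  for (const [view, html] of Object.entries(views)) {
    for (const script of inlineScripts(html)) {
      for (const hit of script.matchAll(SECRET_ASSIGNMENT)) {
        const line = script.slice(0, hit.index).split("\n").length;
        findings.push({ view, name: hit[1], line, length: hit[3].length });
      }
    }
  }
  return findings;
}

console.log(findExposedSecrets(deliveredViews));
```

Any finding means the comparison has to move to the server, since every visitor can read what the page sends.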