Please enter your username and your password to log in! The username should be at least 5 characters long but less than 20!
___________
Username:|___________|
___________
Password:|___________|
Solution:- In the beginning, I try to use SQL Injection to pass this challenge, but whatever I input anything, the page always shows me the message "Unfortunately your solution is wrong.".
- All right, let's check the source code.
- Since the login form has limitation in user input like below.
<input type="text" value="" id="input_user" name="input_user" class="edit" maxlength="20" size="20" tabindex="1">
<input type="text" value="" id="input_pass" name="input_pass" class="edit" maxlength="20" size="20" tabindex="2"> - Use the javascript code below in Chrome JavaScript Console to change the default value of "input_user" and "input_pass" which will both be larger than 20.
javascript:alert(document.forms[0].input_user.value="abcdefghijklmnopqrstuvwxyz");
javascript:alert(document.forms[0].input_pass.value="zyxwvutsrqponmlkjihgfedcba"); - Press Login button to send the request. Then, the page will show us an error message.
Error... Line 11...elseif (if $user == 'apache') and ($pass == 'linux')
- Yes, they are the valid username and password.
- Congratulations, well done!