What is it? @.@

This is the place where I record some tactics about wargames, systems, and other security issues.

2012-10-17

Bright Shadows - Exploit 1: "Easy starter"

Description:

Please enter your username and your password to log in! The username should be at least 5 characters long but less than 20!
         ___________
Username:|___________| 
         ___________ 
Password:|___________|

Solution:
  1. At first, I tried to use SQL injection to pass this challenge, but whatever I input, the page always showed me the message "Unfortunately your solution is wrong.".
  2. All right, let's check the source code.
  3. The login form limits the length of user input, as shown below. The maxlength attribute is enforced only by the browser.
    <input type="text" value="" id="input_user" name="input_user" class="edit" maxlength="20" size="20" tabindex="1">

    <input type="text" value="" id="input_pass" name="input_pass" class="edit" maxlength="20" size="20" tabindex="2">
  4. Use the JavaScript code below in the Chrome JavaScript console to set the values of "input_user" and "input_pass" to strings that are both longer than 20 characters.
    javascript:alert(document.forms[0].input_user.value="abcdefghijklmnopqrstuvwxyz");

    javascript:alert(document.forms[0].input_pass.value="zyxwvutsrqponmlkjihgfedcba");
  5. Press the Login button to send the request. The page then shows us an error message.
    Error... Line 11...elseif (if $user == 'apache') and ($pass == 'linux')
  6. Yes, these are the valid username and password.
  7. Congratulations, well done!
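
The two weaknesses this solution relies on are a length limit enforced only in the browser and an error message that prints server source. The sketch below is an added example, not the challenge's code, showing a server-side handler that re-checks lengths and keeps error details in a log. All function names, the demo credentials and the exact limits are assumptions taken from the form text.

```javascript
// Added example, not the challenge's code. Function and variable names are hypothetical.
const MIN_USER = 5;   // "at least 5 characters long"
const MAX_USER = 19;  // "but less than 20"
const MAX_PASS = 20;  // the form's maxlength on input_pass
const GENERIC_FAIL = "Unfortunately your solution is wrong.";

// Constructed stand-in for the credential check; a real one verifies a salted hash.
const demoCheck = (user, pass) => user === "demo_user" && pass === "demo_pass";

// The browser's maxlength is only a hint, so the server re-checks every length.
function lengthsOk(user, pass) {
  return typeof user === "string" && typeof pass === "string" &&
    user.length >= MIN_USER && user.length <= MAX_USER &&
    pass.length >= 1 && pass.length <= MAX_PASS;
}

// rawBody: urlencoded POST body as received. log: array collecting server-side details.
function handleLogin(rawBody, check = demoCheck, log = []) {
  try {
    const form = new URLSearchParams(rawBody);
    const user = form.get("input_user");
    const pass = form.get("input_pass");
    if (!lengthsOk(user, pass)) {
      log.push("rejected before credential check: field length out of range");
      return { status: 400, body: GENERIC_FAIL };
    }
    if (check(user, pass)) return { status: 200, body: "Congratulations, well done!" };
    return { status: 401, body: GENERIC_FAIL };
  } catch (err) {
    // Details such as file, line and source text stay in the server log only.
    log.push("internal error: " + err.message);
    return { status: 500, body: GENERIC_FAIL };
  }
}

// Constructed requests: one within limits, one with the over-long values from step 4.
const okBody = "input_user=demo_user&input_pass=demo_pass";
const longBody = "input_user=abcdefghijklmnopqrstuvwxyz&input_pass=zyxwvutsrqponmlkjihgfedcba";
console.log(handleLogin(okBody).status, handleLogin(longBody).status);
```

With this handler, the over-long request is rejected before the credential check runs, and a failure inside that check reaches the client only as the generic message.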