Friday, July 3, 2009

HTS Basic Mission 10

This one's rather easy. Guess you know about cookies. Not the ones we eat, silly! For the newbies cookies are small files that store information on what we do on a website. It can also be used to store usernames and passwords and can also be used for authorization. The last case is the one here. So we need to see the cookie made by the page. For this we use JavaScript Injection. JavaScript Injection is simply forcing a page to execute some JavaScript command. All these commands must be typed in the URL bar.

Type ' javascript:alert(document.cookie) '. A popup box comes up with some gibberish written in it. But not everything is, is it? Can you see something written like ' authorization = no '? So we need to change it to ' yes '. For this we use the void command. Just type 'javascript:void(document.cookie="authorization=yes") ' and you will have passed the mission.

2 comments:

  1. Unfortunatelly this does not work, there is no text saying "authorization"

    ReplyDelete
  2. Oh, im sorry, i was in the section "extended basics", so it was my fault, ignore or delete my comments pls. PS: Ur the best dude :)

    ReplyDelete