What I learn from HTS today is Directory Traversal Attack (DTA). You might learn from Wikipedia. As a summary DTA is a way of accessing the locations that are not intended to be available to plain user, by using input fields of the website. Generally flaw that makes open to DTA is low sanitizing and input validation of applications.
These are the steps to complete the mission.
- Open the hacked index of the web site and open the source of the index see the bottom comment of the hackers. It means we have original index file as oldindex.html
- Type to ...3/oldindex.html
- Open the source and copy all the source of the page.
- Go to "Submit Poetry" page of the site.
- Type ../index.html as name and paste all the copied content to content part of the form.
- submit. That's all 🙂