PHP parameter trick on hackthissite.org "Realistic Mission 1"

After I pass the basic missions on hackthissite here is the first realistic mission solution of the hackhissite.org. You can see the mission from here.

It is really easy mission if you know about the value passing from the URL of the page to server. The flaw about the web site you need to hack is that it does not have input validation on server side code. It does not control the value of the vote input. Thus what you need to do is just see what values are passing to server (see also hidden fields on voting forms) while voting and pass these values by typing to browser address bar with the huge voting value.

I do not give the exact writing to pass the mission because if you do not understand what I told up side, I guess you need to work more on how internet servers works and how you pass values to server from url parameters. Moreover you need to aware of hidden form fields you need to see and play on it.

Share