Hacker Web Exploitation Uncovered

After you repeatedly try to send the file, you'll notice that the system asks for a password using JavaScript methods before the file is sent. Because you can always view the source code of JavaScript scripts executed on a page, you should examine the HTML code of the document.

Notice the line that asks for a password and checks it:

if(prompt('enter a password')=='df9nhfd') return true;

Thus, you'll easily disclose the password necessary to upload files: it is df9nhfd.

What's more, you can bypass this check without examining the page contents by disabling JavaScript in the browser.

Uploading large files is barred by the following form field:

<input type=hidden name=MAX_FILE_SIZE value=10>

To upload a file of any size, save the page on the hard disk, edit its MAX_FILE_SIZE parameter, and change or add the action attribute. In addition, you can disable the password check here.

As a result, the file stored on your disk will look as follows.

1.html

<html>
<body>
<form enctype="multipart/form-data" method=POST action=http://localhost/zadachi/l/>
<input type=hidden name=MAX_FILE_SIZE value=1000000000>
Send this file: <input name=userfile type=file>
<input type=submit value="Send File">
</form>
</body>
</html>

If you open this file in your browser, you'll be able to upload a file of any size without submitting a password.

The task is solved.
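Both checks fail for the same reason: they run in the browser, so the server has to repeat them against values it holds itself. The sketch below is an added example, not code from the book; the function names, the `password` form field, the constructed password and salt, and the use of Python's standard `email` parser in place of a web framework's multipart parser are all assumptions.

```python
import hashlib
import hmac
from email.parser import BytesParser

# Assumed server-side settings: the limit and the password hash live only here.
SERVER_MAX_BYTES = 10
SALT = b"constructed-salt"
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"constructed-password", SALT, 100_000)

def parse_form(content_type, body):
    """Parse a multipart/form-data body into {field name: bytes}."""
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    msg = BytesParser().parsebytes(raw)
    if not msg.is_multipart():
        raise ValueError("expected multipart/form-data")
    return {part.get_param("name", header="content-disposition"):
            part.get_payload(decode=True) or b"" for part in msg.get_payload()}

def check_upload(content_type, body):
    """Return (HTTP status, reason) using only server-held policy."""
    fields = parse_form(content_type, body)
    # fields["MAX_FILE_SIZE"] is client-controlled and deliberately never read.
    supplied = hashlib.pbkdf2_hmac("sha256", fields.get("password", b""), SALT, 100_000)
    if not hmac.compare_digest(supplied, PASSWORD_HASH):
        return 403, "password missing or wrong"
    data = fields.get("userfile")
    if data is None:
        return 400, "no file field"
    if len(data) > SERVER_MAX_BYTES:
        return 413, "file exceeds server limit"
    return 200, "accepted"

def build_body(boundary, fields):
    """Build a constructed request body (sample input for this example)."""
    out = b""
    for name, value in fields.items():
        out += (b"--" + boundary + b'\r\nContent-Disposition: form-data; name="'
                + name.encode() + b'"\r\n\r\n' + value + b"\r\n")
    return out + b"--" + boundary + b"--\r\n"

CTYPE = "multipart/form-data; boundary=XbX"
# What the edited 1.html sends: raised MAX_FILE_SIZE, no password field.
EDITED_FORM = build_body(b"XbX", {"MAX_FILE_SIZE": b"1000000000", "userfile": b"A" * 5000})
# Valid password, but the size field is still tampered with.
OVERSIZE = build_body(b"XbX", {"password": b"constructed-password",
                               "MAX_FILE_SIZE": b"1000000000", "userfile": b"A" * 5000})
SMALL = build_body(b"XbX", {"password": b"constructed-password", "userfile": b"A" * 8})

if __name__ == "__main__":
    for body in (EDITED_FORM, OVERSIZE, SMALL):
        print(check_upload(CTYPE, body))
```

With these checks in place, the form saved to disk is rejected for the missing password, and a request with a valid password is still held to the server's own size limit whatever MAX_FILE_SIZE says.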
