Task 1

After you repeatedly try to send the file, you'll notice that the system asks for a password using JavaScript methods before the file is sent. Because you always can view the source code of JavaScript scripts executed on a page, you should examine the HTML code ofthe document.

Notice the line that asks for a password and checks it:

 if(prompt('enter a password')=='df9nhfd') return true; 

Thus, you'll easily disclose the password necessary to upload files: It is df9nhfd .

What's more, you can bypass this check without examining the page contents by disabling JavaScript in the browser.

Uploading large files is barred by the following form field:

 <input type=hidden name=MAX_FILE_SIZE value=10> 

To upload a file of any size , save the page on the hard disk and edit its MAX_FILE_SIZE parameter and change or add the action attribute. In addition, you can disable the password check here.

As a result, the file stored on your disk will look as follows .


 <html> <body> <form enctype="multipart/form-data" method=POST action=http://localhost/zadachi/l/> <input type=hidden name=MAX_FILE_SIZE value=1000000000> Send this file: <input name=userfile type=file> <input type=submit value="Send File"> </form> </body> </html> 

If you open this file in your browser, you'll be able to upload a file of any size without submitting a password.

The task is solved .

Hacker Web Exploition Uncovered
Hacker Web Exploition Uncovered
ISBN: 1931769494
Year: 2005
Pages: 77

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net