As you all know(even if you dont know let me tell you) I am not any elite hacker. I am learning like all of you.May be it is because I haven't found vulnerability in any sites other than these challenge sites (myself),my confidence is very low.
But something occurred today that lifted my confidence a little higher.
what was it??
Well..first of all let me ask you, have you seen the game menu in this blog? which has hangman game for you to play? Well I was playing in it today and got wrong guess always..then i thought ,why on earth i can't win even this small game!!
Then an Idea struck me!! what if like all this challenge site, there is vulnerability in this game which is a simple code i have copied from another website without even reading it!
I right clicked on the "Guess" button and selected inspect!
There i saw
now I know my input is given to the function pruefeZeichen()
I right clicked the site and selected "view-source"
there ctrl+f to find and searched for pruefeZeichen()
i saw a script after the fuction is called ,
There it is...
there is only six words and if you count no. of dashes in the question, we can easily guess which word they want..
another method is,
when we search for fucntion we can see
we know our word is stored in "lsgwort"
in our page right click and select inspect, in that select console
What lifted my confidence?
Now I understand here I didn't made this vulnerability intentionally ,I was not even aware of it...similarly any new or old sites can have many vulnerabilities which the creators have missed to fix.
This is why there is a great chance for Ethical Hackers to help these guys to fix them and get paid by them.
But something occurred today that lifted my confidence a little higher.
what was it??
Well..first of all let me ask you, have you seen the game menu in this blog? which has hangman game for you to play? Well I was playing in it today and got wrong guess always..then i thought ,why on earth i can't win even this small game!!
Then an Idea struck me!! what if like all this challenge site, there is vulnerability in this game which is a simple code i have copied from another website without even reading it!
I right clicked on the "Guess" button and selected inspect!
There i saw
<input name="ratebutton" type="button" value="Guess" onclick="pruefeZeichen()">
now I know my input is given to the function pruefeZeichen()
I right clicked the site and selected "view-source"
there ctrl+f to find and searched for pruefeZeichen()
i saw a script after the fuction is called ,
var lsgwoerter = [["T", "R", "E", "E", "H", "O", "U", "S", "E"], ["J","A","V","A","S","C","R","I","P","T"], ["W","E","B","D","E","S","I","G","N"], ["E","D","U","C","A","T","I","O","N"], ["C","H","O","C","O","L","A","T","E"], ["G","E","R","M","A","N","Y"]]
var random = Math.floor((Math.random()*(lsgwoerter.length-1))); var lsgwort = lsgwoerter[random]; // the word to guess will be chosen from the array above
there is only six words and if you count no. of dashes in the question, we can easily guess which word they want..
another method is,
when we search for fucntion we can see
var pruefeZeichen = function(){ var f = document.rateformular; var b = f.elements["ratezeichen"]; var zeichen = b.value; // the letter provided by the user zeichen = zeichen.toUpperCase(); for (var i = 0; i < lsgwort.length; i++){ if(lsgwort[i] === zeichen){ ratewort[i] = zeichen + " "; var treffer = true; } b.value = "";
}
From that its clear our input is checked with value in variable lsgwort
we know our word is stored in "lsgwort"
in our page right click and select inspect, in that select console
below that type alert(lsgwort)
Hit enter and you will get the word as alert!
Now I understand here I didn't made this vulnerability intentionally ,I was not even aware of it...similarly any new or old sites can have many vulnerabilities which the creators have missed to fix.
This is why there is a great chance for Ethical Hackers to help these guys to fix them and get paid by them.
Comments
Post a Comment