Posted by: Ken Harthun
So far, we’ve explored the first 4 basic missions at HackThisSite.org. As we get to each new level, the difficulty increases, but they’re still pretty easy.
Today, we solve level 5:
Sam has gotten wise to all the people who wrote their own forms to get the password. Rather than actually learn the password, he decided to make his email program a little more secure.
If you try the same tactic we used to solve level 4, you’ll get the error message, “Invalid referrer. The requested URL /missions/basic/5/level5.php will not be loaded.” You get this because the script checks the HTTP Referer header to see which page the request was submitted from. If that URL is not /missions/basic/5/ or /missions/basic/5/index.php, the script returns an error. Since you’re submitting the form from a local file, the check fails.
There are two approaches we can take here: 1. Change the email address in the script using some form of code injection; 2. Use an online monitor/debugger that allows us to edit a page on the fly.
Either way, mission accomplished!
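Why the Referer check described above does not protect the recipient address, shown as an added example that is not from the original post or from HackThisSite's code: a Python model of such a check beside a handler that keeps the recipient on the server. The handler names, the host mission.example, the addresses and the key are all constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Paths named in the post; comparing only the path is an assumption of this model.
ALLOWED_PATHS = {"/missions/basic/5/", "/missions/basic/5/index.php"}
SERVER_RECIPIENT = "sam@mission.example"   # constructed address, stored server-side
SECRET = b"constructed-demo-key"           # constructed key for the session token


def weak_handler(headers, form):
    """Model of the level 5 check: trust Referer, then mail to the form's 'to' field."""
    path = urlparse(headers.get("Referer", "")).path
    if path not in ALLOWED_PATHS:
        return ("error", "Invalid referrer")
    # The recipient still comes from the client, so the check guards nothing.
    return ("sent", form["to"])


def issue_token(session_id):
    """Per-session token the server embeds in the form it renders."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def hardened_handler(session_id, form):
    """Recipient is fixed on the server; the request is bound to a session token."""
    if not hmac.compare_digest(form.get("token", ""), issue_token(session_id)):
        return ("error", "Invalid token")
    return ("sent", SERVER_RECIPIENT)      # any client-supplied 'to' is ignored


def demo():
    # Constructed requests: a form posted from a local file, and a form whose
    # 'to' field was edited on the mission page itself (genuine Referer).
    local_file = weak_handler({}, {"to": "other@mission.example"})
    edited_page = weak_handler(
        {"Referer": "https://mission.example/missions/basic/5/index.php"},
        {"to": "other@mission.example"},
    )
    fixed = hardened_handler(
        "sess-1", {"to": "other@mission.example", "token": issue_token("sess-1")}
    )
    return local_file, edited_page, fixed


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The Referer header only says where a request claims to come from; it does not say whether the fields in it are the ones the server rendered, which is why the hardened handler never reads the recipient from the request.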