JavaScript
Client side validation is so secure?
https://ringzer0team.com/challenges/27
Points: 1
Tags: javascript, ascii
You will be given a page that type form login, that need username and password
Like always need to "Inspect Element", or "View Page Source" of the page
<script>
// Look's like weak JavaScript auth script :)
$(".c_submit").click(function(event) {
event.preventDefault()
var u = $("#cuser").val();
var p = $("#cpass").val();
if(u == "admin" && p == String.fromCharCode(74,97,118,97,83,99,114,105,112,116,73,115,83,101,99,117,114,101)) {
if(document.location.href.indexOf("?p=") == -1) {
document.location = document.location.href + "?p=" + p;
}
} else {
$("#cresponse").html("<div class='alert alert-danger'>Wrong password sorry.</div>");
}
});
</script>
The script tells us that if we want to pass the login form it need to fill:
"username as 'admin'" and "password as '74,97,118,97,83,99,114,105,112,116,73,115,83,101,99,117,114,101'"
Actually what is "74,97,118,97,83,99,114,105,112,116,73,115,83,101,99,117,114,101", ASCII
I make a Python Script to convert the ASCII to Character/Alphabet
#!/usr/bin/env python3
aci = input("Ascii : ")
aci_spl = aci.split(",")
for i in aci_spl:
if i == " ":
i = ""
for i in aci_spl:
print (chr(int(i)), end='')
print ()
The key is, using the function "chr"
Ascii : 74,97,118,97,83,99,114,105,112,116,73,115,83,101,99,117,114,101
JavaScriptIsSecure