dexter@aeron7.com
Amit Ghosh

A carefully careless entrepreneur

Menu
  • Home
  • Entrepreneur
  • Investor
  • Life Style
    • College
    • Love
    • School
  • Hacking
  • Thoughts
  • More
    • Hack This Site Solutions
    • ISI Solutions
  • Travel

HTS Realistic Mission 1 Solution

Hack This Site Solutions  /  February 23, 2001  /  By Amit Ghosh
Home / More / Hack This Site Solutions
1 Comment
FacebookTwitterGoogle+PinterestTumblrLinkedInRedditEmailPrint

Sql Injection Method

It can be better said as query string manipulation. A Query-string is any data in the URL that appears after the page name which will be followed by a question mark (?). All information after this question mark is the query-string.i.e.

http://www.site.com/index.php?variable1=[value1]&variable2=[value2]

Notice that everything is something = [some text or numbers]. The something is basically a variable that the system is passing, and [some text or numbers] is its value.

So to manipulate the query-string, you would change the value of [some text or numbers]. Do Not change the “something”, otherwise the system will probably not pick up what you sent, unless you accidentally changed it to another possible name the system would recognize. After you have changed the value of [some text or number] hit Enter or click Go to reload the page, and now your new value is sent to the server.

To know that you are sending a query-string to another page or database of some kind you need to find the following piece of code in the source code:

<form action=”v.php” method=”get”>

This line says the following form will submit to v.php. Using the method get. This indicates that the page v.php will be looking for variables in the query string. Note if you see:

method=”post”

This is something different. I suggest reading up on “get vs post” if you are not sure between the two.

So you have opened the realistic challenge number 1 in hackthissite account and have observe the source code of the site at the point of what does the clicking on “vote!” button do? !!

The question now is what variables We are sending to vote.php. The first piece of code you find might be obvious:

<select name=”vote”>
<option value=1>1</option>
<option value=”2″>2</option>
<option value=”3″>3</option>
<option value=”4″>4</option>
<option value=”5″>5</option>
</select>

This is indicating that there is a variable vote with a dropdown list of values. So when you submit the page it will look something like this vote=1. Unfortunately this means nothing if you do not know what band to apply the vote to. After looking over the code a bit more you notice:

<input type=”hidden” name=”id” value=”3″/>

This is indicating that a variable id has a value of 3. This piece indicates that the band id = 3.
When you put everything you learned together you have a querystring that should look like this:

v.php?id=0&vote=999999999999

So we are sending the v.php page the id=0 (which represents the band) and a vote count of 999999999 (which increases thier rating). When you submit this you might notice it doesn’t work. Well that is because we forgot something:

<input type=”hidden” name=”PHPSESSID” value=”abcaeadfc31a5c43b2534bf995c0553f”/>

Add this to the query string and you should be all set.

v.php?PHPSESSID=abcaeadfc31a5c43b2534bf995c0553f&id=3&vote=999999999

Means we have to change http://www.hackthissite.org/missions/realistic/1/index.php to

hackthissite.org/missions/realistic/1/ v.php?PHPSESSID=abcaeadfc31a5c43b2534bf995c0553f&id=3&vote=999999999

Javascript Injection Method

Goto http://www.hackthissite.org/missions/realistic/1/index.php  and type the following in the URL and press enter.

javascript:alert(document.forms[4].vote.options[0].value = 999999999)

This is a typical javascript injection which sets our value 1 to our desired value. Just click “Vote!” and it will work superb!!

hack this siteHack This Site Realistic Mission 1 SolutionHack This Site Realistic Mission 1 Solutionshack this site solutionsHTS Realistic Mission 1 SolutionHTS Realistic Mission 1 Solutionshts solutionHTS SolutionsRealistic Mission 1 SolutionRealistic Mission 1 Solutions
About the Author

Amit Ghosh

Aloha, I'm Amit Ghosh, a web entrepreneur and avid blogger. Bitten by entrepreneurial bug, I got kicked out from college and ended up being millionaire and running a digital media company named Aeron7 headquartered at Lithuania.

NewerHTS Realistic Mission 2 Solution
OlderMy experience with Kohona
Related Posts
Hack This Site Solutions

By Amit GhoshMay 302

HTS Basic Mission 1 Solution