Did anybody solve the extra exercise “Are you feeling bold”?
If you wanted to take it a step further (and prepare for the Whitebox Pentesting 101 module at the same time), it is possible to inject a command that passes the if statement, such that the sendCode function would execute and send the secret message to your HTTP server on our box. To do that, you would have to inject a command that would make the if statement return true, such that it would go into its inner function.
How can I inject code into the cookie and make the if condition become true?
if (md5(eval('cookie="' + document["cookie"] + '"')) == "2b20b9095653112d362d673bd7ddb2f8")
Happy for help and ideas!