Secure Coding 101: Secure Coding | Proof of Concept | Extra Exercise

kruemel · February 20, 2024, 1:08pm

Did anybody solve the extra exercise “Are you feeling bold”?

If you wanted to take it a step further (and prepare for the Whitebox Pentesting 101 module at the same time), it is possible to inject a command that passes the if statement, such that the sendCode function would execute and send the secret message to your HTTP server on our box. To do that, you would have to inject a command that would make the if statement return true , such that it would go into its inner function.

How can I inject code into the cookie and make the if condition become true?

if (md5(eval('cookie="' + document["cookie"] + '"')) == "2b20b9095653112d362d673bd7ddb2f8")

Happy for help and ideas!

Topic		Replies	Views
Intro to Whitebox Pentesting: Blind Exploitation academy	0	62	July 26, 2024
IKnowMag1k (Web) Challenges challenge , web	3	1608	May 21, 2018
Whitebox Pentesting 101 Skills Assessment Academy	9	921	September 4, 2024
Intro to Whitebox Pentesting: Blind Exploitation Academy	1	63	November 11, 2024
HTB academy - Skills assessment - Using web proxies - Off-topic	46	13532	December 5, 2024

Secure Coding 101: Secure Coding | Proof of Concept | Extra Exercise

Related topics