This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot.
Now, as we see, Sam is quite forgetful, and he forgets his password all the time, so he wrote some script that would mail him the password. Lets begin with checking the source code as we always do.
<form action=”/missions/basic/4/level4.php” method=”post“>
<input type=”hidden” name=”to” value=”firstname.lastname@example.org” /><input type=”submit” value=”Send password to Sam” /></form></center><br /><br /><center><b>Password:</b><br />
<form action=”/missions/basic/4/index.php” method=”post“>
<input type=”password” name=”password” /><br /><br /><inputtype=”submit” value=”submit” /></form>
Now as we see this source code, Sam has put his email id in a hidden input tag. No, we are not going to hack this email id, instead we are now going to tweak the source code, so that it would work for us and not Sam.
There are two ways to change the source code, either save it on computer then edit it and workout or you can try developer tools which is really helpful in checking or editing the source code (firebug in Firefox). All you now have to do, is change Sam’s email id into yours.
What did we learn?
Hidden attribute in input tags hide your information only till the time user doesn’t peeps into your source code.