Javascript Mission 1: Idiot Test

Javascript with its wide scope in web development and intensive use is turning out to be a key to hack for the hackers because of its vulnerability. But here I will not discuss about javascript, what it is and how it works however here in these missions we will not be doing javascript injections, but will only analyze the code and workout.

The intro:

faith is learning Javascript, the only thing that is protecting her from hackers is luck.

The only think you need to complete this mission, is the working knowledge of javascript. Unlike php or other web coding languages, javascript is visible in the source code like HTML. So just open up the mission and check out the source code.

To complete this mission, just look in the source code and you will find a button tag with an onclick attribute, that calls the javascript function check and passes in it, the value that is written in the input box above it. How did I come to know that? Well, document.getElementById(‘pass’).value is an inbuilt function that takes the value from the id passed through it. Here, our id is pass, which is also the id of the input tag above it.

onclick=”javascript:check(document.getElementById(‘pass’).value)”
<input type=”password” id=”pass” value=””>

Now, just find where is this check function and what does it do?

<script language=”Javascript”>
function check(x)
{
if (x == “cookies”)
{
alert(“win!”);
window.location += “?lvl_password=”+x;
} else {
alert(“Fail D:”);
}
}
</script>

Just above the Javascript Mission 1 heading you will be able to locate the check function. This check function stores the value in a variable x and checks it, if it is equal to cookie or not, if it is it prints win! in an alert box or else Fail D.

I know, the first mission is always the easiest!

What did we learn?

Javascript is very vulnerable, easy to inject and change. But it also requires deep efforts and hard work at the same time in analyzing the code.

Good luck!!!

Leave a Reply