dont-use-client-side
Last updated
Last updated
Can you break into this super secure portal?
https://jupiter.challenges.picoctf.org/problem/17682/
(link) or http://jupiter.challenges.picoctf.org:17682
Never trust the client
Let's check how secure this portal really is.
Unfortunately the credentials are checked on the Client side which allows us to reverse engineer the password.
It gets the value of an HTML element with the ID "pass" and stores it in the variable checkpass
.
It then defines a variable split
with a value of 4.
It checks the checkpass
string against several conditions using substring
to extract specific parts of the string.
All we have to do is arrange the split password.