Hacksite安全漏洞笔记(持续更新...)

1.源代码注释暴露密码

<!-- the first few levels are extremely easy: password is 7912e368 -->
<center>
<b>password:</b><br>
<form action="/missions/basic/1/index.php" method="post">
<input type="password" name="password"><br><br>
<input type="submit" value="submit">
</form>
</center>

2.密码未经过校验
3.密码校验文件暴露

<center>
<b>Password:</b>
<br>
<form action="/missions/basic/3/index.php" method="post">
<input type="hidden" name="file" value="password.php">
<input type="password" name="password"><br><br>
<input type="submit" value="submit"></form>
</center>

4.密码获取逻辑暴露

<center>
<form action="/missions/basic/4/level4.php" method="post">
<input type="hidden" name="to" value="sam@hackthissite.org"><input type="submit" value="Send password to Sam">
</form>
</center>

5.密码加密算法过于简单，很容易被破解