Monday, May 10, 2010

Web Security Challenge 2

The Web Security Challenge on "Encoding attacks for Web applications".



Description:
Web applications commonly use the "GET" method to send user requests to the web server. GET requests are commonly used for search, queries and bookmarking. The data in these requests can easily be extracted from, and manipulated in, the address bar.
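
Added example, not part of the original challenge or its code: it decodes the fields a GET login form leaves in the address bar, masks the sensitive ones the way a log filter would, and shows the same fields moved into a POST body. The host, path, parameter names and password value are constructed for illustration.

```javascript
// Parameter names treated as credentials (an assumption for this example).
const SENSITIVE = /^(pass(word|wd)?|pwd|secret|token)$/i;

// Split a request URL into percent-decoded query parameters and flag
// the ones whose names suggest they carry credentials.
function inspectGetRequest(rawUrl) {
  const url = new URL(rawUrl);
  const params = [];
  for (const [name, value] of url.searchParams) {
    params.push({ name, value, sensitive: SENSITIVE.test(name) });
  }
  return params;
}

// Return the same URL with sensitive values masked, as a log filter would
// before the request line is written to an access log.
function redactUrl(rawUrl) {
  const url = new URL(rawUrl);
  for (const name of [...new Set(url.searchParams.keys())]) {
    if (SENSITIVE.test(name)) url.searchParams.set(name, "REDACTED");
  }
  return url.toString();
}

// Build the POST equivalent: the fields move into the request body, so they
// no longer appear in the address bar, bookmarks or browser history.
function asPostRequest(rawUrl) {
  const url = new URL(rawUrl);
  const body = url.searchParams.toString();
  url.search = "";
  return { method: "POST", url: url.toString(), body };
}

// Constructed sample: the address bar after submitting a form with method="get".
const sample =
  "http://challenge.example/login.php?user=alice&password=S3cr%40t%21&submit=Login";

for (const p of inspectGetRequest(sample)) {
  console.log(`${p.name} = ${p.value}${p.sensitive ? "   <-- credential in URL" : ""}`);
}
console.log(redactUrl(sample));
console.log(asPostRequest(sample));
```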

Objective:
This is a very simple challenge. You are required to extract the "password" from the simulated user login and verify the captured password by logging in with it. In this challenge, you will learn how an application uses the "GET" method to send requests to the server. This will be the foundation for further challenges on code injection. You don't really need any tools to complete this challenge.

Environment:
The challenge was created with simple HTML and PHP.
The URL: Email me if you are interested.

Rules:
* Do not extract the password from the source code. You are supposed to extract it from the request.
* It is a code challenge: extract the data, do not crack the server.

Technical resources:
http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
- Some reading on HTTP and request methods

Feel free to give comments on the challenge.
