Uncle Arnold’s Local Band Review – Realistic Mission 1
On opening the link – https://www.hackthissite.org/playlevel/1/
You are met with a task.
Change the outcome of the vote, so that your band can win the bet.
Clicking through to the voting page shows that your band is rock bottom of the voting system. Not good!
So how do we change the votes?
By right clicking the ‘Vote!’ button and selecting ‘Inspect’, you will see this code snippet appear on the bottom of the browser window.
We’re interested in the ‘<option value=”5″>5</option — $0’ part. We could change any other value if we wanted really. Lets chose 5 for the time being.
Change the value in quotes from 5 to a higher number like 9999.
Clicking back onto the website will force the code snippet to flash as it accepts the change. Now all you have to do is chose ‘5’ in the vote and submit.
You will be redirected to the HTS page to alert you that you have completed the mission.
Why did this work?
You altered client side code values so that when they submitted in POST, to the web server it accepted the value as legitimate values. You would imagine in a real scenario that POST data would be verified in some way or the voting would be dealt with server side. However, in this case it worked.