In this level, there is nothing to break within the confines of the form itself. The site also hints towards JavaScript, so search the page source (Ctrl+F) for a <script> tag; you will find the following on line 41:
<script type='text/javascript'>
$(function(){ $('.level-form').submit(function(e)
{ if(document.getElementById('user').value == 'heaven' &&
document.getElementById('pass').value == 'hell') { }
else
{ e.preventDefault(); alert('Incorrect login') } })})
</script>
Using even limited code experience, we can walk this through logically line-by-line. The first line tells us that this script is, in fact, a JavaScript snippet. It defines a function that runs when the “level-form” is submitted. By looking at lines 43 and 44, we can see that if the ‘user’ == ‘heaven’ and the ‘pass’ == ‘hell’, we will probably get in. Otherwise, the submission is cancelled and we get an alert that notifies us of our failure. Because the comparison runs in the browser, both expected values are readable by anyone who views the page source.
We are reminded to always validate data on the server, because anything checked on the client side can be read or altered by the user. Congratulations!
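The server-side counterpart of that lesson, as an added example that is not part of the original level or site: a Node.js check that keeps only a salted hash on the server and decides the outcome there. The field names user and pass come from the form above; the account, password and function names are constructed for illustration.

```javascript
// Added example (assumed Node.js, standard library only).
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

// Derive a salted hash; only salt + hash are stored, never the password.
function hashPassword(password, salt = randomBytes(16)) {
  return { salt, hash: scryptSync(password, salt, 32) };
}

// Constructed sample user store (hypothetical account, not from the page).
const USERS = new Map([
  ['alice', hashPassword('correct horse battery staple')],
]);

// Dummy record so unknown usernames cost the same work as known ones.
const DUMMY = hashPassword(randomBytes(16).toString('hex'));

// Verify a submitted form body on the server. Whatever script the browser
// ran (or skipped) before submitting has no influence on this result.
function verifyLogin(body) {
  // Treat missing or non-string fields as empty instead of trusting them.
  const user = typeof body?.user === 'string' ? body.user : '';
  const pass = typeof body?.pass === 'string' ? body.pass : '';

  const record = USERS.get(user) ?? DUMMY;
  const candidate = scryptSync(pass, record.salt, 32);

  // Constant-time comparison of equal-length digests.
  const match = timingSafeEqual(candidate, record.hash);
  return match && USERS.has(user);
}

// Minimal handler shape: the status is decided here, not in the page.
function handleLogin(body) {
  return verifyLogin(body)
    ? { status: 200, message: 'Welcome' }
    : { status: 401, message: 'Incorrect login' };
}
```

A client-side check like the one in this level can still be kept for user feedback, as long as the server repeats the decision on every request.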