Level 21 - Level 22
Overview
This time we got an empty page with a link to the source code.

Source Code Analysis
Let's take a look at the source code. The first code block of the application looks for the URL parameter revelio in a GET request and, if it exists, checks whether the session contains the key-value pair admin=1; if so, it sets the header Location: /.

The second code block of the application looks for the URL parameter revelio in a GET request and, if it exists, shows the credentials for the next level.
Getting the Password
I tried a GET request in the browser with the URL parameter revelio, which responded with an empty page.

I checked the Burp HTTP history to get insight into what happened. You can see that the request got redirected and we got an empty page as a result. But the response for the GET request with the URL parameter revelio is recorded in the Burp HTTP history, and it contains the credentials for the next level.
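What the proxy history shows comes down to the server issuing a redirect without stopping: the Location header goes out, the script keeps running, and the second code block writes the credentials into the body of that same response. The browser follows the redirect and renders the empty page at /, while a proxy that records the first response (or any client that does not follow redirects) sees the body. The Python model below is an added example, not the level's source code or this write-up's own code; the secret value, the session dictionary, and the choice to redirect whenever the session flag is not set are constructed assumptions. It puts the leaking handler beside one that returns as soon as the redirect is issued, and adds a check that inspects the first response the way a proxy history does.

```python
"""Redirect that does not stop the response (added example, not the level's code).

Two handlers model the pattern described in the write-up: a first block
decides on a redirect to "/" from a session flag, a second block prints the
credentials. In the vulnerable handler the redirect is only a header;
execution continues and the credentials land in the body of the 302.
The fixed handler returns right after issuing the redirect.

Constructed assumptions: the SECRET placeholder, the session dictionary,
and redirecting whenever the "admin" flag is missing.
"""
from typing import Callable, Dict, List, Tuple
from urllib.parse import parse_qs

# Constructed placeholder, not a real credential.
SECRET = "PASSWORD-PLACEHOLDER-FOR-NEXT-LEVEL"

Response = Tuple[str, List[Tuple[str, str]], bytes]
Handler = Callable[[str, Dict[str, str]], Response]

TEXT = [("Content-Type", "text/plain")]


def handle_vulnerable(query: str, session: Dict[str, str]) -> Response:
    """Block 1 chooses a redirect; block 2 reveals the credentials.
    Block 1 never returns, so block 2 still runs after the redirect."""
    params = parse_qs(query, keep_blank_values=True)  # accept a bare ?revelio
    status, headers, body = "200 OK", TEXT, b""
    if "revelio" in params:
        if session.get("admin") != "1":
            # BUG: the redirect is only recorded; processing continues below.
            status, headers = "302 Found", [("Location", "/")]
        # Reached even when a redirect was just decided on.
        body = f"The credentials for the next level are: {SECRET}".encode()
    return status, headers, body


def handle_fixed(query: str, session: Dict[str, str]) -> Response:
    """Same logic, but the redirect terminates the request handling."""
    params = parse_qs(query, keep_blank_values=True)
    if "revelio" in params:
        if session.get("admin") != "1":
            # FIX: return immediately; nothing sensitive follows the redirect.
            return "302 Found", [("Location", "/")], b""
        return "200 OK", TEXT, f"The credentials for the next level are: {SECRET}".encode()
    return "200 OK", TEXT, b""


def leaks_on_redirect(handler: Handler, query: str = "revelio",
                      session: Dict[str, str] = None) -> bool:
    """Looks at the first response the way a proxy history (or a client that
    does not follow redirects) does: a 3xx status must not carry the secret."""
    status, _headers, body = handler(query, dict(session or {}))
    return status.startswith("3") and SECRET.encode() in body


if __name__ == "__main__":
    for name, handler in (("vulnerable", handle_vulnerable), ("fixed", handle_fixed)):
        status, headers, body = handler("revelio", {})
        print(f"{name:10s} {status} {dict(headers)} body={body!r}")
        print(f"{'':10s} leaks on redirect: {leaks_on_redirect(handler)}")
```

Running leaks_on_redirect against each handler gives True for the vulnerable one, because its 302 carries the secret in the body, and False for the fixed one, which sends an empty body with the redirect and only answers with the credentials when the session flag is present. The same check works as a regression test for any handler that uses a redirect as access control: a 3xx status should never travel with a non-empty sensitive body.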
