Level 21 - Level 22
This time we got an empty page with a link to the source code.
Let's take a look at the source code. The first code block of the application checks for the URL parameter `revelio` in a GET request; if it is present, it checks whether the session contains the key-value pair `admin=1`, and if so it sets the header `Location: /`.
The second code block of the application also checks for the URL parameter `revelio` in a GET request, and if it is present it prints the credentials for the next level.
I tried a GET request in the browser with the URL parameter `revelio`, which responded with an empty page.
I checked the Burp HTTP history to see what had happened. You can see that the request got redirected and we got an empty page as a result. But the response to the GET request with the URL parameter `revelio` is recorded in the Burp HTTP history, and it contains the credentials for the next level: the redirect header is sent, yet the script keeps running and still writes the credentials into the response body. The browser follows the redirect and never shows that body, while a proxy records it.
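To make the flaw concrete, here is an added illustration of the pattern the writeup describes, written by me and not taken from the level's source. It assumes the application is PHP, that the gate redirects users whose session lacks `admin=1`, and uses a constructed placeholder instead of a real password; `gate_vulnerable`, `gate_fixed` and `NEXT_LEVEL_PASSWORD` are names I chose.

```php
<?php
// Added example, not the level's own source. Models the flaw the writeup
// describes: header('Location: /') only queues a response header, it does
// not end the request, so the code after it still runs and its output is
// sent to the client together with the 302.
session_start();

const NEXT_LEVEL_PASSWORD = '<password placeholder>';  // constructed value

function is_admin(): bool {
    return isset($_SESSION['admin']) && $_SESSION['admin'] == 1;
}

// Vulnerable gate: the redirect is queued, but execution continues.
function gate_vulnerable(): void {
    if (isset($_GET['revelio']) && !is_admin()) {
        header('Location: /');
        // no exit here: everything below is still executed and emitted
    }
}

// Hardened gate: stop right after sending the redirect. Nothing after
// exit is executed, so the 302 response carries an empty body.
function gate_fixed(): void {
    if (isset($_GET['revelio']) && !is_admin()) {
        header('Location: /');
        exit;
    }
}

$use_fixed = true;   // set to false to reproduce the leaking behaviour
$use_fixed ? gate_fixed() : gate_vulnerable();

if (isset($_GET['revelio'])) {
    // With the fixed gate this line is reached only by admin sessions;
    // with the vulnerable gate it is reached by every request.
    echo 'Password for the next level: ' . NEXT_LEVEL_PASSWORD;
}
```

A quick regression check for the fix is to request the page with a client that does not follow redirects (for example `curl -i`) and confirm that the 302 response body is empty.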