Scavenger hunt (WEB EXPLOIT)

This web scavenger hunt consist of 3 different vulnerbility. This means, it consist of easy and abit of technical work.

The three vulnerbility are:
- HTML5 (Usually comment tag)

- User-Agent Exploit

- Cross-Origin-Resource-Sharing Exploit (CORS exploit) ##Will require abit of understand

What is HTML 5?

Clue 1:

Look at the source code

Clue 2: User-Agent

What is HTML 5?

HTML 5 is the 5th generation of HTML. Over the year of web application structuring language,

HTML is a Document-Object Oreinted-Model (DOM). Despite adding more feature, some of the feature was actually being re-introduce. Which does nothing or usefulness towards cyber threats. Especially HTML is a language where it is large defactor implementation. (Uhhh... I forgot how to describe this.)

Simplified:

HTML 5 is a modern and newer version of HTML and it's the 5th genereation of HTML. HTML 5 is a Document-Object Oreinted-Model (DOM), Basic to understand: HTML IS A WEB STRUCTURE LANGUAGE.

Clue 1:

Look at the source code

As you can see at the image. You would see "blahaj{i_l0v3_b14" actually ran at the background of the code, as a comment/ ignored line block

(This line of block will instruct the computer to ignore the line).

Sometime, the flag would likely to hide under a comment/ignored line block. Not only that, always explore more about the code itself. In rare cases, the flag is written as a passkey or something.

In this case, I was lucky enough to find it under the "about" webpage in between the rooter tag (<HTML>) and body tag.

Clue 2: User-Agent

As you can see at image. This flag is hidding under robots.txt.

What is this 'robots.txt', Zul?

This is whst we call "User-agent". User-agent is like your system logs (System log basically tells you about your devices. Take that as an example).

Google Sites

Report abuse