mirror of https://github.com/dirtbags/moth.git
18 lines
1005 B
Plaintext
18 lines
1005 B
Plaintext
|
10: the key is in the generated source.
|
||
|
|
20: enter a non-integer into form field and submit. the key is in the resulting
|
||
|
|
traceback.
|
||
|
|
30: change the value in the GET request to a non-integer. the key is in the
|
||
|
|
resulting traceback.
|
||
|
|
40: change the value in the POST request to a non-integer. the key is in the
|
||
|
|
resulting traceback.
|
||
|
|
50: change the quantity value (hidden form field) to something greater than the
|
||
|
|
stated quantity limit. the key is in the resulting traceback. entering non-
|
||
|
|
integers is caught and handled, so that no longer works.
|
||
|
|
60: the key is in the cookie. note the javascript that reads a value from the
|
||
|
|
cookie, hopefully causing the player to take a look at the cookie.
|
||
|
|
70: modify the cookie's content_name field to something invalid, reload the page
|
||
|
|
and the key will be printed on the page.
|
||
|
|
80: an sql query is being constructed in javascript from form fields. change the
|
||
|
|
form fields such that the query is SELECT * FROM key LIMIT 6 and the key will
|
||
|
|
be displayed.
|