2009-10-08 15:54:42 -06:00
|
|
|
10: the key is in the generated source.
|
|
|
|
|
20: enter a non-integer into form field and submit. the key is in the resulting
|
|
|
|
|
traceback.
|
|
|
|
|
30: change the value in the GET request to a non-integer. the key is in the
|
|
|
|
|
resulting traceback.
|
|
|
|
|
40: change the value in the POST request to a non-integer. the key is in the
|
|
|
|
|
resulting traceback.
|
2009-10-13 14:03:35 -06:00
|
|
|
50: change the quantity value (hidden form field) to something greater than the
|
|
|
|
|
stated quantity limit. the key is in the resulting traceback. entering non-
|
|
|
|
|
integers is caught and handled, so that no longer works.
|
2009-10-13 15:00:04 -06:00
|
|
|
60: the key is in the cookie. note the javascript that reads a value from the
|
|
|
|
|
cookie, hopefully causing the player to take a look at the cookie.
|
2009-10-13 15:50:08 -06:00
|
|
|
70: modify the cookie's content_name field to something invalid, reload the page
|
|
|
|
|
and the key will be printed on the page.
|
2009-10-14 14:16:09 -06:00
|
|
|
80: an sql query is being constructed in javascript from form fields. change the
|
|
|
|
|
form fields such that the query is SELECT * FROM key LIMIT 6 and the key will
|
|
|
|
|
be displayed.
|
