moth/packages/webapp/summary.txt

18 lines
1005 B
Plaintext

10: the key is in the generated source.
20: enter a non-integer into form field and submit. the key is in the resulting
traceback.
30: change the value in the GET request to a non-integer. the key is in the
resulting traceback.
40: change the value in the POST request to a non-integer. the key is in the
resulting traceback.
50: change the quantity value (hidden form field) to something greater than the
stated quantity limit. the key is in the resulting traceback. entering non-
integers is caught and handled, so that no longer works.
60: the key is in the cookie. note the javascript that reads a value from the
cookie, hopefully causing the player to take a look at the cookie.
70: modify the cookie's content_name field to something invalid, reload the page
and the key will be printed on the page.
80: an sql query is being constructed in javascript from form fields. change the
form fields such that the query is SELECT * FROM key LIMIT 6 and the key will
be displayed.