Table of Contents
1. Web App Exploitation 1.1 HTML 1.2 CSS 1.3 JavaScript 1.4 Databases 2. Security Vulnerabilities 2.1 HTML Vulnerabilities 2.2 CSS Vulnerabilities 2.3 JavaScript Vulnerabilities 2.4 Database Vulnerabilities 3. Summary
Challenges
Challenge 1 Challenge 2 Challenge 3
  1. Home
  2. Web App Exploitation
  3. Challenge 1
  4. Explanation

Challenge 1 Explanation: Commit to Comments

When developing or securing a web page, you should always check for comments in the HTML source left by developers. Sometimes, HTML comments pose no security risk, such as comments denoting page sections; however, some comments, such as those commenting out incomplete or insecure web page functions, can compromise the security of the web page. The answers to this challenge can be found in the comments in the challenge’s web page source.

Below is a step-by-step guide of how to answer the questions and complete the challenge.

Begin by right-clicking on the page and selecting “View Page Source.”

Explanation Screenshot 1

Next, look through the page’s source for any comments of interest. For this challenge, there are several interesting comments grouped together as seen below.

Explanation Screenshot 2

The answer to the first question can be found on line 161 in the page source. As seen in the above screenshot, the answer is “Sir Code-a-lot”.

The answer to question 2 can be found on the same line as the answer to question 1; the answer is “April”.

The answer to question 3 can be found on lines 165 and 166 of the page’s source. As we can see, the developer made a note that the “Admin.html” page is not complete; however, the developer created a link to the page and commented out the link.

The flag is found on line 171 of the page’s source.