HackThisSite - Basic Mission 3

Post author: vkkkv
Post link: <a href="https://vkkkv.github.io/wp/HackThisSite/hackthissite-basic-03/" title="HackThisSite - Basic Mission 3">https://vkkkv.github.io/wp/HackThisSite/hackthissite-basic-03/
Copyright Notice: All articles in this blog are licensed under <span class="exturl" data-url="aHR0cHM6Ly9jcmVhdGl2ZWNvbW1vbnMub3JnL2xpY2Vuc2VzL2J5LW5jLXNhLzQuMC8="> BY-NC-SA unless stating additionally.

Posted on 2026-06-08 In ctf Views: Disqus:

This time Network Security Sam remembered to upload the password file, but there were deeper problems than that.

这次 Sam 记得上传密码文件了，但问题比这更深层。

页面上有一个密码输入框。查看源代码后发现一个隐藏的表单字段：

1	<input type="hidden" name="file" value="password.php" />

HTML 表单中的 hidden 类型字段对用户来说完全是可见的——只要查看源代码就能看到。这里隐藏字段暴露了密码文件的路径：password.php。

直接在浏览器中访问这个文件即可获得密码：

1	https://www.hackthissite.org/missions/basic/3/password.php

页面会直接返回密码内容。

e656d2bd