CTF · Very Easy

HackThisSite — Basic Mission 5

ducky
2026-05-19


What Happened

Sam tried to secure the email script further, but the recipient address is still controlled by a hidden form field:

No actual server-side validation was added.


Exploit

Identical to Basic 4:

  1. Open DevTools → Inspector
  2. Find the hidden "to" input
  3. Replace its value with your HTS registered email
  4. Click "Send password to Sam"
  5. Password arrives in your HTS inbox

Root Cause

Security was claimed but not implemented. The "extra measures" didn't address the actual vulnerability — client-controlled recipient in the form payload.


Key Takeaway

Security through obscurity or minor tweaks doesn't fix a fundamental design flaw. If the root cause (client-controlled sensitive input) isn't fixed, the exploit still works.
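
The fix this takeaway points to, as an added example (not code from the mission or from this writeup): the handler resolves the recipient from server-side configuration and treats any posted "to" value only as a tampering signal to log. The address, function names and sample request bodies are constructed assumptions.

```python
from __future__ import annotations

from urllib.parse import parse_qs

# Assumption: the recipient lives in server-side config (constructed address).
ADMIN_EMAIL = "sam@example.test"


def recipient_vulnerable(body: str) -> str:
    """Pattern described in the writeup: mail goes wherever the form says."""
    form = parse_qs(body, keep_blank_values=True)
    return form.get("to", [""])[0]


def recipient_hardened(body: str) -> tuple[str, list[str]]:
    """Recipient comes from config; a posted 'to' is never used for delivery."""
    form = parse_qs(body, keep_blank_values=True)
    alerts: list[str] = []
    posted = form.get("to", [])
    # Duplicate keys can confuse code that disagrees on first vs. last value.
    if len(posted) > 1:
        alerts.append("duplicate 'to' parameter")
    for value in posted:
        if value.strip().lower() != ADMIN_EMAIL:
            alerts.append(f"client-supplied recipient ignored: {value!r}")
    return ADMIN_EMAIL, alerts


# Constructed sample request bodies (form-encoded POST data).
UNMODIFIED = "to=sam%40example.test"
TAMPERED = "to=visitor%40example.org"

if __name__ == "__main__":
    for body in (UNMODIFIED, TAMPERED):
        print("vulnerable ->", recipient_vulnerable(body))
        print("hardened   ->", *recipient_hardened(body))
```

Once the server stops reading the field for delivery, the hidden input can be dropped from the form entirely; the alerts give the operator a record of edited submissions.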
