Wednesday, November 17, 2010

PWT Solution - Reach Alice's Website

Hey guys,

Thanks for the overwhelming response for the first PWT post. Here is the solution and explanation for "Reach Alice's Website" hack.

You can view the question here.

To give away the solution in a briefly, it is about "HTTP Referer field in the request". HTTP requests can have a field known as the "Referer" which will contain the URL of the point of origin of that particular request. By looking at the Referer, the current page can find out where that particular request came from. Since it is easily forgeable (like in this hack), referers are generally used only for statistical purposes and none of the application level logic will rely on this field.

So yeah, the solution is, just send a HTTP request with the "Referer" set as "" and you will get the key.

Here is a sample request without the Referer field set:

Here is a sample request with the Referer field set:

List of persons who completed this task

Please view their original comments to see how they did it.

Congrats to all of you !

The good response that i have got for this post will definitely keep me going about PWT! Thanks guys!