Solution:
Reading the page source code:
<h4>Client side validation is so secure?
</h4>
<hr />
<div class="challenge-wrapper">
<form action="" method="post">
<label>Username</label>
<input class="form-control" type="text" name="username" id="cuser" placeholder="Username" />
<label>Password</label>
<input class="form-control" type="password" name="password" id="cpass" placeholder="Password" />
<input type="submit" style="margin-top: 12px;" value="Login" class="c_submit form-control btn btn-success" />
</form>
</div>
<div id="cresponse">
</div>
<script>
// Look's like weak JavaScript auth script :)
$(".c_submit").click(function(event) {
event.preventDefault()
var u = $("#cuser").val();
var p = $("#cpass").val();
if(u == "admin" && p == String.fromCharCode(74,97,118,97,83,99,114,105,112,116,73,115,83,101,99,117,114,101)) {
if(document.location.href.indexOf("?p=") == -1) {
document.location = document.location.href + "?p=" + p;
}
} else {
$("#cresponse").html("<div class='alert alert-danger'>Wrong password sorry.</div>");
}
});
</script>
<hr />
You decode the password from the String.fromCharCode(74,97,118,97,83,99,114,105,112,116,73,115,83,101,99,117,114,101)
which is JavaScriptIsSecure
.
Username is: admin
.
Submit it to the form to get the flag.
Flag: FLAG-66Jq5u688he0y46564481WRh