Watching the source code
Looking into a web page's source code allows us to understand some of the programming logic, detect the obvious vulnerabilities, and also have a reference when testing, as we will be able to compare the code before and after a test and use that comparison to modify our next attempt.
In this recipe, we will view the source code of an application and arrive at some conclusions from that.
Getting ready
For this recipe, start the vulnerable_vm.
How to do it...
Browse to
http://192.168.56.102.Select the WackoPicko application.
Right-click on the page and select View Page Source. A new window with the source code of the page will open:
With the source code we can discover the libraries or external files that the page is using and where the links go. Also, as can be seen in the preceding image, this page has some hidden input fields. The selected one is
MAX_FILE_SIZE; this means that, when we are uploading a file, this field determines the maximum size allowed for the file we...
