At the start we’ve only got an url to our target webserver:
![Bildschirmfoto 2015-03-30 um 18.14.33]()
When we click on “Login” we get a javascript popup which tells us “You Are Not Authorized!”. Then we click on “FLAG”, because that’s what we want. Unfortunately we don’t get a flag yet, but the source code of admin.php is revealed.
more here......http://blog.squareroots.de/en/2015/03/0ctf-2015-quals-forward-web250/
When we click on “Login” we get a javascript popup which tells us “You Are Not Authorized!”. Then we click on “FLAG”, because that’s what we want. Unfortunately we don’t get a flag yet, but the source code of admin.php is revealed.
more here......http://blog.squareroots.de/en/2015/03/0ctf-2015-quals-forward-web250/