The Journey of #100DaysOfSecurity (@webchick)

#Day03 of #100DaysOfSecurity

Today let’s tackle Insp3ct0r. This is a Web Exploitation challenge, where you go for attacks that are unique to the magic of the World Wide Web. 😉

This one is pretty chill, and you don’t need any special tools (a hint 🙂) to solve it.

You’re given a URL to a simple website. Can you poke around and find the flag?

Hint

Use the source, Luke. 🙂

Walkthrough

If you view the page source in your browser, and inspect the code, you’ll find the website consists of three files:

  • index.html (the page you’re looking at)
  • mycss.css (linked from <link rel="stylesheet" type="text/css" href="mycss.css">)
  • myjs.js (linked from <script type="application/javascript" src="myjs.js"></script>)

HTML, CSS, and JavaScript each have the ability to add code comments that don’t show up in the visual view.

Look for those lines, and ye shall find the flag. 🙂

I know some of you out there might roll your eyes at the relatively low difficulty level of this challenge, but this type of “hidden in plain sight” exploit happens far more often than you’d think. A couple of prominent examples:

4 Likes
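
From the defender's side, comments like the ones in this walkthrough can be caught before a site ships. The sketch below is an added example, not part of the original post or the challenge: it extracts HTML, CSS and JavaScript comments from static assets and marks those that match an assumed keyword list. `SAMPLE_SITE`, the function names and the keyword list are constructed for illustration.

```javascript
// Comment syntaxes for the three asset types named in the walkthrough.
// Regex-based on purpose: adequate for a pre-deploy lint, not a full parser
// (inline <script>/<style> content inside HTML is not scanned).
const COMMENT_PATTERNS = {
  html: [/<!--([\s\S]*?)-->/g],
  css: [/\/\*([\s\S]*?)\*\//g],
  // Block comments, then line comments. The lookbehind skips "//" that
  // follows ":" so URLs such as https://... are not reported.
  js: [/\/\*([\s\S]*?)\*\//g, /(?<!:)\/\/(.*)$/gm],
};

// Assumed keyword list; tune it to what your team treats as sensitive.
const SENSITIVE = /\b(flag|password|passwd|secret|token|api[_-]?key|todo|fixme)\b|\w+\{[^}]+\}/i;

function extractComments(fileName, text) {
  const ext = fileName.split('.').pop().toLowerCase();
  const found = [];
  for (const pattern of COMMENT_PATTERNS[ext] || []) {
    for (const match of text.matchAll(pattern)) {
      const body = match[1].trim();
      if (!body) continue;
      // 1-based line number where the comment starts.
      const line = text.slice(0, match.index).split('\n').length;
      found.push({ file: fileName, line, body, sensitive: SENSITIVE.test(body) });
    }
  }
  return found.sort((a, b) => a.line - b.line);
}

function auditSite(files) {
  return Object.entries(files).flatMap(([name, text]) => extractComments(name, text));
}

// Constructed sample site (not the challenge's real files).
const SAMPLE_SITE = {
  'index.html': [
    '<html><head>',
    '<link rel="stylesheet" type="text/css" href="mycss.css">',
    '<script type="application/javascript" src="myjs.js"></script>',
    '</head><body>',
    '<!-- TODO: remove staging password before launch -->',
    '<p>Hello</p></body></html>',
  ].join('\n'),
  'mycss.css': ['body { color: #333; }', '/* layout tweaks */'].join('\n'),
  'myjs.js': ['const api = "https://example.com/v1";',
    '// internal token: EXAMPLE-NOT-REAL',
    'function go() { /* no-op */ }'].join('\n'),
};

console.log(auditSite(SAMPLE_SITE).filter((f) => f.sensitive));
```

In a build pipeline, the same functions can be pointed at the files about to be published, failing the build when any finding has `sensitive` set.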