Home ABCTF-2016 Safety First

Safety First

Challenge There is a way to exploit the calculator here.

Solution

source:

<!--
  Calculator page for the challenge. A single text field named "expression"
  sits inside a POST form; the keypad buttons change that field through the
  c() and v() helpers loaded from calc.js.
-->
<html>
<head>
  <link rel="stylesheet" href="main.css">
    <script type="text/javascript" src="calc.js"></script>
    </head>
    <!-- NOTE(review): this is an end tag where the <body> start tag was presumably intended; kept exactly as published. -->
    </body>
    <center><h3 style="color: black; font-size: 40px">Web 8</h3></center>
        <div class="box">
            <div class="display">
                <!--
                  The form posts the "expression" field back to '.'; the code that receives
                  the POST is not shown here. "readonly" only stops typing in the browser UI.
                  It is not an input filter: any HTTP client can send an arbitrary value for
                  "expression", so the receiving side has to treat it as untrusted input.
                  NOTE(review): presumably the server evaluates the expression; confirm what
                  it does with the value and whether it restricts it to arithmetic.
                  The form has no closing tag; the submit button further down appears to rely
                  on the browser's error recovery to stay associated with it.
                -->
                <form action='.' method="post">
                <input type="text" name="expression" readonly size="18" id="d">
            </div>
            <div class="keys">
            <p>
            <!-- These three keys call c(), which overwrites the display with credit text; they are not memory functions. -->
            <input type="button" class="button gray" value="mrc" onclick='c("Created....................")'>
            <input type="button" class="button gray" value="m-"  onclick='c("...............by............")'>
            <input type="button" class="button gray" value="m+"  onclick='c(".....................Anoop")'>
            <input type="button" class="button pink" value="/ " onclick='v("/ ")'>
            </p>
            <p>
            <!-- Digit and operator keys append a fixed token to the display through v(). -->
            <input type="button" class="button black" value="7 " onclick='v("7 ")'>
            <input type="button" class="button black" value="8"  onclick='v("8 ")'>
            <input type="button" class="button black" value="9 " onclick='v("9 ")'>
            <input type="button" class="button pink" value="* " onclick='v("* ")'>
            </p>
            <p>
            <input type="button" class="button black" value="4"  onclick='v("4 ")'>
            <input type="button" class="button black" value="5 " onclick='v("5 ")'>
            <input type="button" class="button black" value="6 " onclick='v("6 ")'>
            <input type="button" class="button pink" value="- " onclick='v("- ")'>
            </p>
            <p>
            <input type="button" class="button black" value="1 " onclick='v("1 ")'>
            <input type="button" class="button black" value=" 2" onclick='v("2 ")'>
            <input type="button" class="button black" value=" 3" onclick='v("3 ")'>
            <input type="button" class="button pink" value=" +" onclick='v("+ ")'>
            </p>
            <p>
            <input type="button" class="button black" value=" 0" onclick='v("0 ")'>
            <input type="button" class="button black" value="."  onclick='v(".")'>
            <!-- "C" clears the display by setting it to the empty string. -->
            <input type="button" class="button black" value="C"  onclick='c("")'>
            <!--
              "=" is a submit button, so pressing it sends the form; the handlers in this
              markup only ever call c() and v(). The keypad therefore limits what the UI can
              produce, not what a request can carry.
            -->
            <input type="submit" class="button orange" value="=">
            </p>
            </div>
        </div>
    </body>
</html>

and calc.js:

/**
 * Replace the calculator display with the given value.
 *
 * @param {*} val Value written to the element whose id is "d".
 */
function c(val) {
    var display = document.getElementById("d");
    display.value = val;
}
/**
 * Append the given value to the calculator display.
 *
 * @param {*} val Value concatenated onto the current content of element "d".
 */
function v(val) {
    var display = document.getElementById("d");
    display.value = display.value + val;
}
/**
 * Evaluate the current display content and show the result.
 *
 * Reads the value of element "d", passes it to eval(), and writes the result
 * back to the display through c(). If anything in the try block throws, the
 * display is set to 'Error' instead.
 *
 * SECURITY: eval() runs the display text as JavaScript, not as arithmetic.
 * The field's "readonly" attribute and the fixed keypad do not constrain what
 * reaches this call, because the value can also be set from script. A parser
 * that accepts only numbers and operators would remove that exposure.
 *
 * NOTE(review): the markup published with this file submits the form on "="
 * and has no handler that calls e(); confirm whether this function is
 * reachable at all.
 */
function e() {
    try {
      // Direct eval: the evaluated text runs with access to this function's scope.
      c(eval(document.getElementById("d").value))
    }
    // The catch parameter shadows the function name e inside this block only.
    catch(e){
      c('Error')
    }
}

Flag