Insecure code management

Challenge: Get the password (in clear text) from the admin account.

Intercept, send to Repeater and check the (existence and content of) .git directory:

Download the directory:

wget -r http://challenge01.root-me.org/web-serveur/ch61/.git/

Open the directory which contains .git in GitCola (for example), and Undo Commit: