a simple POST form.
“damn login” little hint: it’s you vs UA/Sql
UA stands for User-Agent, so we must inject some SQL through the User-Agent header of our requests.
The first step is to get a valid query.
The second should be to get a list of what is not filtered.
Continue reading Level 2 – damn login
This screenshot, as rendered in Firefox, doesn’t show all the text (maybe the web designer should enlarge the iframe container) :-P
Let’s do it:
Continue reading Level 6 – shop
Take a look into the source code:
A simple GET form with an interesting comment:
<!-- fortune files are in fortunes/ directory -->
This is a clue!
Continue reading Level 3 – fortune
The getadmin contest shows us the danger of enabling the register_globals directive in PHP. Looking into the source code, you can see that it is a simple form:
Continue reading Level 1 – getadmin