Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.
help patch some php
ok i have to patch this for a challenge somewhere else and i believe i am doing it right but its saying no
1. <?php
2. if(isset($_POST['submit']))
3. {
4. $user = $_POST['user'];
5. $pass = $_POST['pass'];
6.
7. if($user == "admin" && $pass == "pass132")
8. {
9. echo "Logged in";
10. } else {
11. echo "I'm sorry {$user}, the password you entered is incorrect.";
12. }
13.
14. } else {
15. echo "<form action='' method='post'>".
16. "Username: <input type='text' name='user'><br>".
17. "Password: <input type='password' name='pass'><br>".
18. "<input type='submit' name='submit' value='Login'>".
19. "</form>";
20. }
21.
22. ?>```
i belive it is
line = 11
patched line = echo striptags("I'm sorry {$user}, the password you entered is incorrect.");
exploit type = XSS
any help. i know its probably something simple that im over looking