pen testing help

i'm confused about that… i found the secret directory… and i think , imust find the admin panel… i must inject the S*****N but how? i read the forums( there are 5 common exploits… from the other challenges??? 0 any help??:(

i found the 2 exploits … ( i found the secret directory and i login as admin…. and then?) any hint or help???? ( or an article to help me… i wrote the http://www.darkmindz.com/articles/hacking.txt....:o

try Xss in the members tools section. i havn't gotten around to this yet but i think theres something there

web dev toolbar extension for firefox is quite helpful.

omg you can do alot witht that. thnx for the tip.

yep i was right about the XSS

i used simple xss injection in members.php site but it can't work <s*****>a****(*)</s*****>….. any help or hint????:(

you have fire fox get an add-on called firebug. Then try changing one of the POST vars. You know in the drop down list where it says c*****y. That's how I got it. Maybe there is another way.

i found the third exploit… ( thanks fallingbudget..) for the other i think , i must create a session with the a**** to t*** who found in secret directory , but it can't works… i'm in the right way????:(

any help???

i think you should pm some ppl and dont give so damn many spoilers.