
Pen testing 2 - stumped!


synstealth

I have read all of the pen 2 threads and articles - I find them not very helpful except for a few areas to focus on.

So far I have found the hidden db info and a way to modify the news.

I'm stumped on the injection and trying to log in as admin. I have no clue how to get to the login. I keep getting a big red 'ERROR' message in two places.

I would be grateful for any pointers or a push, or at least to open up a discussion on this topic.


rex_mundi

There is no SQL injection in this one. The challenge gives you everything you need to log in, and when you do, there are several pointers that will show you what to do next.


synstealth

Gotcha, I am up to 135 points now…

I got in and saw what I needed to see.

I am down to only 40 points left of the exploit. I suspect it has something to do with trying to manipulate an image tag?

Any pointers?


rex_mundi

CSRF


synstealth

Yeah, it was right in my face! lol.