
Help with real 1 please


ghost's Avatar
0 0

ok, this is what I've done:

I went to the .txt file and got password, entered user and pass in the login screen and did the JS-javascript:void(document.cookie="AuthID=XXXXXXX") but it still doesn't work! please help!


ghost's Avatar
0 0

where are you doing your js? the whole point is to change the amount right? So you'd want to be doing this while logged in and looking at the price…

also authid isn't the only thing you need to set in cookies…what else looks important?

p.s. refresh after every javascript injection


ghost's Avatar
0 0

AuthID is the only thing you need to set, surely. It's the only new variable that's set upon logging in, and it's all I did to complete it.

Either way, I hope you're not injecting "JS-javascript:void"… you might have just been saying "here's the JS-," but just to be sure.


ghost's Avatar
0 0

no, I didn't put the JS- in the url bar. I wasn't logged in when I did the javascript, I thought you needed it to login?


ghost's Avatar
0 0

OK, so the AUTHID is the only part we need to inject?

For some reason, nothing is happening :(


ghost's Avatar
0 0

just inject everything, then you can't be wrong


ghost's Avatar
0 0

Tee Hee thanks, my JS injection code was a little messed up. I just injected everything, and it worked!


ghost's Avatar
0 0

How do you gain access as johndoe? I've tried js injections, I can't seem to create a cookie.

Also, if we're doing this to get access as johndoe, surely we could just do it straight away for administrator?

I demand answers :)

PS I have cookies for johndoe, but it won't let me in. (did it in a line, then alerted at the end and they're there….)


ghost's Avatar
0 0

(May contain spoilers? You are warned!!)

Dude - you get the Pass & user for the John Doe account. Next search for an image… If you found what you're looking for just go to the page that you want to edit (read the mission briefing!!) and use js injections. Don't know how to? Read the threads for this mission, you will get there.


ghost's Avatar
0 0

spyware wrote: (May contain spoilers? You are warned!!)

Dude - you get the Pass & user for the John Doe account. Next search for an image… If you found what you're looking for just go to the page that you want to edit (read the mission briefing!!) and use js injections. Don't know how to? Read the threads for this mission, you will get there.

confused I have the username and pass for john doe, and administrator… I just can't get in as johndoe. Everything after that I could probably work out. How do I first log in as john doe? I have tried to cain the password, but nothing…


Mr_Cheese's Avatar
0 1

the password won't work. we haven't scripted a working login system for this challenge, because we want people to use javascript injection and edit their cookies.

so the only way to "log in" as john doe, is to edit your cookies.
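The challenge accepts whatever identity the cookie claims, which is why editing it is enough. As an added example (not part of this thread or of HBH's code), here is that kind of check in Node.js beside one that only trusts values the server itself signed; the `Session` cookie name, the key and all function names are assumptions for illustration.

```javascript
const crypto = require('crypto');

// Constructed demo key; a real server loads its key from protected configuration.
const SERVER_KEY = Buffer.from('constructed-demo-key-not-for-production');

// Parse a Cookie request header into a name -> value object.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Weak: identity is whatever the browser sends, so a document.cookie edit is accepted.
function whoAmIWeak(header) {
  return parseCookies(header).AuthID || null;
}

// HMAC-SHA256 over the payload, keyed with a secret the client never sees.
function mac(payload) {
  return crypto.createHmac('sha256', SERVER_KEY).update(payload).digest();
}

// Hardened: the server issues "user.expiry.mac" after a real login.
function issueSession(user, ttlSeconds, now = Date.now()) {
  const payload = `${user}.${Math.floor(now / 1000) + ttlSeconds}`;
  return `${payload}.${mac(payload).toString('hex')}`;
}

// Returns the user name only if the MAC verifies and the session has not expired.
function whoAmISigned(header, now = Date.now()) {
  const token = parseCookies(header).Session || '';
  const cut = token.lastIndexOf('.');
  if (cut < 0) return null;
  const payload = token.slice(0, cut);
  const given = Buffer.from(token.slice(cut + 1), 'hex');
  const expected = mac(payload);
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const dot = payload.lastIndexOf('.');
  const expiry = Number(payload.slice(dot + 1));
  return expiry * 1000 > now ? payload.slice(0, dot) : null;
}
```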


ghost's Avatar
0 0

Mr_Cheese wrote: the password won't work. we haven't scripted a working login system for this challenge, because we want people to use javascript injection and edit their cookies.

so the only way to "log in" as john doe, is to edit your cookies.

In that case I have edited my cookies, but still nothing. I am confused. I have used the obvious username, password, sessionid as the cookie names… But still no access…

Mr Cheese, please may I pm you with my javascript alert screenshot?


ghost's Avatar
0 0

Damn :P Just login as Johndoe! In the mission description the pass for the john-account is given! Read your mission objectives!

You only need to JS-Inject the stuff for the admin…


ghost's Avatar
0 0

OMG I'm such a noob. I did try that, but with caps like JohnDoe. Silly me. Thank you so much for all your help.

Didn't help that mr cheese said the login form didn't work, I gave up trying.


AldarHawk's Avatar
The Manager
0 0

I worked on this for a very long time…Word of advice to the wise….READ READ READ!!!

I did not read! and it took me FAR too long!

Ohh well…I got it now!