realistic 5

i am almost at end, but i am stuck on a reporting part… i´ve read the source, and see use the c**** and ?i****** i have checked the forum and all articles related to this challenge.. mostly i saw that i´ve used it before, e.g. .php?=****, i´ve tryed to include my command here, but it doesnt work… i think i know the command to going directory up, its , where the last thing indicates the r, please correct me if i am wrong.. i´ve tryed ***.php with ******* in *** directory too, but it doesnt work… i think i´ve tryed everything, but probably not everything :) please help me

You want to Report an Activity right !? With a little inginuity you can figure out the url location . For this page .

Me on the other hand i cant seem to finish this . I have found the url . I have taken it and altered it . But im still getting the message that it cant be sent .

Anyone able to help ?

I'm guessing that you altered the destination. This is a good thing but there is more to alter. You can either alter it the same way or you can inject it.

You can pm me if you need more help.

Yes i did alter . But maby i didnt alter enough things or just didnt put the right info in the right locations . Put im pretty sure atleast one is good !? I pm'ed you . Ill keep thinking and working in the meantime !

Thanks for the response and offer of help !

Ok so i logged off . Deleted all cookies even though i have my firefox browser configured to delete everything from a session the second i close it down . But i went ahead and deleted all cookies and temporary files .

Then i proceeded to do the mission over again step by step :

1=I logged in as Jdoe 2=I found a way into BillSmiths email index . 3=I entered a script to make me Bill 4=Changed Bill's permissions on his folder . 5=I covered my tracks 6=I found the location of the send report page . 7=I got the code for this page and found what to alter .

Its just two simple things that need to be changed :

I made sure that since i was saving the html file on my computer i would need to make sure the browser new where to go when i hit "send" so i elaborated on the url location in the form action .

Then i changed who the info was going to . I tried three different variable for the value in this instance .

Im still getting the message :

We could not send you report due to the following reasons

1. The member does not exist or is not an administartor .

Whats the problem here ?

i still dont have any success, i´ve tryed to use t**.php?direc****=*** in the **, also i´ve tryed to use it in the root, l.php?action=, but it doesnt worked :xx:

Im kinda stuck aswell, and i can'tfigureout how to report to the admin!

I read BillSmiths mail, and i found the dir ochangedpermissions on the folder to *** thatone thats close enought to 775 ;P I also changed the log to the other IP, althou i don't get it, am i supposedto change a cookie aswell to find the report page?

Please PM meif you can help me as im not thatmuch on HBH these days, and i reallysuck at checking the forum :S

Thx In advanceB)

You can PM me with what you had tried if you want:)

PMd you flame! Anybody else that can help out?