Basic 22

Basic 22 has been released for beta testing, it was made by The_Cell and is pretty easy, it's an SSI challenge.

You can find it: here

Username: beta Password: liekh0mg

Comments etc would be appreciated.

People who've beaten it:

Me :) me too…. only_samurai foofoo richohealy Neo_Chalchus Larika HackingForce V1P3R

i did it. added myself to the list system.

i personally think that a few more commands could have been added. ones that pertain to this challenge. there are a few other ways to do it i think should be covered that arent. other than that the bugs are just commands that arent allowed and perhaps not enough explaination on what to do. "enter a command" is a bit vague…..perhaps give an idea of what was being done to allow this command so people arent just running "ls" and "dir", they remember the rest they need

well i dont get it, i found out how to use the ls command but as for the rest no clue. maybe a pointed error message/your getting closer?

you can msn me if you want foofoo, i can help explain it

are these unix commands? im confused :angry:

i read http://www.owasp.org/index.php/Testing_for_SSI_Injection

it helped me alot,

Haha, Good Challenge mate! Seriously, that was a pretty good one. It was fairly easy for me, but there aren't alot of people who know of this kind of exploit so its good to get it up on HBH. There DOES need to be a "Your on the right track" message if the correct injection form is given. (I've done it btw, easiest 25 points in a long time :P )

I did it too now, i think its a good one but you can do it whitout guessing the right command. Just use basic1 method, look at the source. It is better if you have to do it whit SSI commands.

Damn, i did it…

i remember they had the same thing on HTS, one of the Basic challenges..

done it, yeah it was on HTS as basic 8 i think