Basic 3

I think it’s broken.

Hear me out. Use the cookie editor to change the username to a base 2 system. Reload the page for the next section. But nothing happens it just re-writes the cookie.

I’m thinking its writing it before reading it.

Also I couldn’t find a user who has completed the challenge.

edit: Issue submitted.

• @ this point in time : SAME HERE.

the refresh resets the THING, you know the THING, Cmon, man.

I am having issues with the SQL Injection bit. I assume it should be sth like ’ OR 1=1 but unfortunately this only sends me back to step 1

Basic 3 is working correctly currently and your on the right track with your SQL injection. Have you forgotten about the cookies ?

yes, i altered the cookies, my sql injection just doesn’t work

Well if the cookie is correct, then youll be presented with the sql login. if not then you go back to first page, are you sure the cookie gets set? you’ll know if cookie is set correctly, the page will tell you.

tweaked the cookie correctly and got to the sql part. tried the default sql inject, complete with “–,” but it doesn’t let me in. confirmed cookie was still altered when trying the sql inject, and it was (also tried changing it back, which didn’t help). help appreciated.

Drop us PM with more details and I can provide some hints.

I spoke with @wand3rlust via PM and can confirm that the challenge is online and working correctly. As another hint for anyone else don’t make the SQL too complex.

yes, thanks, @mordak. i had been using the most common syntax for the sql inject (the kind you’d find on an sql injection tshirt :), but this challenge uses an equally simple but different syntax for the inject.

I’ve been trying to redo all of the challenges on a mobile device as  that’s how most of us access the internet nowadays, but this bastard is really busting my fucking chops