Penetration Testing 1, DoS hint
The article gives the hint of overflowing, which is similar to that of a numeric calculator. It can't be a divide by zero, since that raises an exception, so I tried entering a large amount of data in all the fields.
The article says 'overflow the connection', but I'm not sure what that means. I'm sure this challenge has nothing to do with literally DoSing the page with multiple requests.
The article asks us to look for information shared between pages, so I put news=<very large string>, but the server complained, saying that the URL was too large. I set the PHPSESSID to the large string, and as expected, I was logged out. Any hints?
P.S. I don't clearly understand how I used the cookie exploit. Can I PM someone to ask how it works?
In a lot of challenges, the aim is to put the good string where it is needed. Using DoS software, or trying to DoS the server, can't be the good way to validate the challenge =] So, you have to remember there is a script to add your points, like this:
if ( $variable == "answer" ) { // only an example
    give_points();
}
It should be more difficult to analyze a real attack :ninja: and to give points…