Pen test 1,Sessions part.

Been trying this for quite some time:

(Please tell me if the following reveals too much)

1.)I got the "secret" directory

2.)I know the vulnerability

(LOL,started learning PHP 2-3 days ago, got till the sessions part, remembered the $_G** and the URL in the challenge, did a search on google, my suspicions were confirmed)

3.)I tried directly accessing The File,got the error.

4.)Then tried the LFI method,it merely said "You have completed this…"

5.)Is there something wrong in what I have done? I didn't even get the "Fuxx" message.

Also,I am unable to get logged in as a normal user(nooblet) while the forum says it isn't necessary,I would like to know why.

If there are spoilers above,I'm sorry.:)

Read about PHP Session Cookie Parameter Injection Vulnerability. The username and password are simply there to waste your time.

Is this Mosh's challenge? He's uber anal on spoilers. The username/password might be a spoiler. I did this challenge not too long ago and I have no idea what you mean by the php sessions bit. I might be forgetful or maybe you're on the wrong track.

Sorry this one isn's mosh's, is this actually by dark mindz or a crack at them?

Fixed a typo which completely changed the meanign of this post lol

The second one is MoshBat's. Never would have completed it without his help. The hint I gave is from the previous threads.

I know the vulnerability,I have to add to the parameter, etc,etc.(&;))

What I want to know is: How do I access The File?

And the username/password is not a spoiler,it's present in the index of Pen-test challenges.

I seriously doubt that they are present only to waste my time,maybe they make a part of the mission easier/are an extra challenge?

Can I PM someone with what I have tried?:)

i did most of this one and i dont know shit about php, well just a little, you can easy overthink it that is=true ??? that help? you can pm if you need more help :D