Pen testing 2 - stumped!


synstealth (PHP WARRIOR):

I have read all of the pen 2 threads and articles - I find them not very helpful except for a few areas to focus on.

So far I have found the hidden db info and a way to modify the news.

I'm stumped on the injection and trying to log in as admin. I have no clue how to get to the login. I keep getting a big red 'ERROR' message in two places.

Any pointers or a push would be appreciated, or at least open up a discussion on this topic.


rex_mundi (☆ Lucifer ☆):

There is no SQL injection in this one. The challenge gives you everything you need to log in, and when you do, there are several pointers that will show you what to do next.


synstealth (PHP WARRIOR):

Gotcha, I am up to 135 points now…

I got in and saw what I needed to see.

I am down to only 40 points left of the exploit. I suspect it has something to do with trying to manipulate an image tag?

Any pointers?


rex_mundi (☆ Lucifer ☆):

CSRF


synstealth (PHP WARRIOR):

Yeah, it was right in my face! lol