
Realistic 1 - Just a few hints please.


ghost's Avatar
0 0

Well, so far I have the information on administrator and johndoe.

I've tried logging in as johndoe but it doesn't work.

"Your user and pass didnt match our records" - I've tried all different passwords.

I've heard you need to use JS injections and to look on toys.php.

Just need a bit more guidance. Thanks


ghost's Avatar
0 0

You don't need the username/password at all. Use the AuthId. JavaScript inject it on the toys page.


ghost's Avatar
0 0

<– <– <– <– Check the articles section on the left, and read one :) <– <– <– <–


ghost's Avatar
0 0

Well, this isn't a spoiler, because it is posted under Real 1's description (johndoe/password): The password to johndoe is 'password' without the single quotes (').

After you log in, you need to find a certain directory, which will give you the AuthID for the admin. Go to toys.php, and inject the AuthID, then change the price. There you go!
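Why a client-set cookie is enough here, and one way a server can refuse it, as an added example that is not code from this thread or from the challenge site. The key, the AuthID value and all function names are constructed placeholders, and the HMAC-signed cookie is an assumed mitigation, not something the site is known to use.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; none of them come from the challenge site.
SERVER_KEY = secrets.token_bytes(32)        # never leaves the server
ADMIN_AUTHID = "constructed-admin-authid"   # stands in for an identifier that leaked


def is_admin_weak(cookies):
    """Pattern the thread describes: the raw cookie value is the whole credential,
    so anyone who learns the value and sets it in their browser is accepted."""
    return cookies.get("AuthID") == ADMIN_AUTHID


def _tag(value):
    """HMAC-SHA256 over the cookie value under the server-only key."""
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()


def issue_cookie(auth_id):
    """Called only after a successful login; returns 'value.tag'."""
    return f"{auth_id}.{_tag(auth_id)}"


def is_admin_hardened(cookies):
    """Accept the cookie only if this server issued it."""
    value, sep, tag = cookies.get("AuthID", "").rpartition(".")
    if not sep:
        return False  # bare value with no tag: typed in by the client
    # Compare as bytes so a non-ASCII tag cannot raise, and in constant time.
    if not hmac.compare_digest(tag.encode(), _tag(value).encode()):
        return False
    return value == ADMIN_AUTHID


if __name__ == "__main__":
    injected = {"AuthID": ADMIN_AUTHID}               # value set by hand in the browser
    issued = {"AuthID": issue_cookie(ADMIN_AUTHID)}   # value the server handed out
    print("weak check, injected cookie:    ", is_admin_weak(injected))
    print("hardened check, injected cookie:", is_admin_hardened(injected))
    print("hardened check, issued cookie:  ", is_admin_hardened(issued))
```

Signing only stops a bare leaked identifier from being accepted; a signed cookie that leaks whole can still be replayed, which is why random server-side session tokens with expiry are the stronger design.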


ghost's Avatar
0 0

OK thanks, I've found that. I last tried the injection on the login page :s I'll try on toys now.. thanks.


ghost's Avatar
0 0

Well, I've got the javascript:void(document.cookie="AuthID=******");

but when I enter it on toys.php and refresh… nothing happens at all?


ghost's Avatar
0 0

Change all the variables, not just the password, and then refresh.


ghost's Avatar
0 0

Sorry, what do you mean by variables? As far as I can see there's only 1 :whoa:?