Real 11, Login Question

I have read BlackNDoor's article on Real 11 (article) just to make sure I was approaching the login correctly, but I've tried every combination of SQL injections that I can think of (with what I believe is the correct username, found via the method mentioned in the article). I've also tried the injections listed in willeH's article. (Thinking it was he who wrote the challenge, so perhaps that's the quirk I wasn't accounting for)

I have tried to use the username (ex: ausername) in both all lowercase, and first-letter capitilization (Ausername), and I feel that I'm either overlooking something, or missing something repeadtedly.

I've also scanned the source of /************/index.php after each login attempt. Anyone generous enough to push me in the right direction, or highlight my error somehow? Thank you very much, in advance.

(One thing to note: I obscured the directory of the login page, just to avoid any spoilers at all.)

BlackNDoor wrote:

"Hmm.. Why don't you try to login with this user and perhaps an sql injection for the password… Ok that's don't work but did you see what i see!!! If you look carefully at your explorer, I'm sure you see it.So try to view the source of it."

Look carefully at, what happens when you press the login-button (the action)

Try My Article ……Hope That Helps..

cURL is pissing me off. I cant seem to get the page where im supposed to return the number. im using it like this "curl -b cookies.txt http://xxxxxx" where cookies.txt is the file i took from my browser that holds all the cookies. It just doesnt work… help :evil:

Nope!!!

Learn PHP CURL

Chnage the page's POST to GET method to know where and how to return the number.

JohnDoe wrote: cURL is pissing me off.

Then why do you use it? I've beaten that part of the challenge both with JS and with GML. It can be done in for example Visual Basic or C++ if that suits you better. You don't have to use cURL for this mission, it's just one of the alternatives ;)