|
|
seven
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 3
|
|
|
|
|
|
|
|
I created an html and added a admin field into the form
(and of course changed the POST location).
however, I still get "Loged in successfully" and not the password
*Yeah I entered 1 in the admin field
*Yeah I checked over the temp files. found nothing
|
|
|
|
|
|
seven
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 3
|
|
|
|
|
|
|
|
never mind, I passed it :)
|
|
|
|
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
|
|
|
|
|
|
|
SBD
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 49
|
|
|
|
|
|
|
|
I did the same thing only with the right change, but nothing =\
hint?
Edit by : cp77fk4r At 24/09/2005, 22:01:41
|
|
|
|
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
|
|
|
|
|
|
|
ALERT : HINT!
When you injecting some SQL Commands you need remember what with the rest of the query!
|
|
|
|
|
|
SBD
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 49
|
|
|
|
|
|
|
|
sory i mixed with 2 diffrent levels.
in the OS LOGIN there is no SQL INJ, no CP?
|
|
|
|
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
|
|
|
|
|
|
|
SBD- check it by yourself, I'll don't tell you :)
btw, this is a offtopic.
|
|
|
|
|
|
Nuuuuuu1
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 38
|
|
|
|
|
|
|
|
cp, SBD is right..
y letting them think about sql injection and "the rest of the query"..
there a better way without it..
think.. it's one of the easiest, shortest web-challenges..
Edit by : Nuuuuuu1 At 29/11/2006, 23:56:14
|
|
|
|
|