| Author |
Message |
dj-boris
Joined: 23 Dec 2010
Posts: 3
|
|
 |
 |
Jackpot, after trying and trying, I got it  , it needs just the right number of '
Thank you very much!
_________________
BlackShadow is watching you |
|
| Fri Dec 31, 2010 3:13 pm |
  |
 |
bspus
Joined: 04 Sep 2011
Posts: 9
|
|
| |
|
 |
|
As the challenge description says, you have to log in as 'adum' in order to see his secrets. |
I logged in as adum (and as someone else) and still get the no secrets treatment. I even got it to work with the user name field having just the word adum in it so that it will show properly on the next page.
I'm actually surprised this wasn't enough, not because it was hard but because I think I have done what I was required to do. What am I missing?
|
|
| Sat Oct 01, 2011 7:00 pm |
|
|
DaymItzJack
Joined: 29 Oct 2009
Posts: 106
|
|
| |
|
|
|
|
|
As the challenge description says, you have to log in as 'adum' in order to see his secrets. |
I logged in as adum (and as someone else) and still get the no secrets treatment. I even got it to work with the user name field having just the word adum in it so that it will show properly on the next page.
I'm actually surprised this wasn't enough, not because it was hard but because I think I have done what I was required to do. What am I missing? |
I think the answer to this challenge is the password, not positive though, I solved it awhile ago.
|
|
| Sat Oct 01, 2011 7:49 pm |
|
|
bspus
Joined: 04 Sep 2011
Posts: 9
|
|
| |
|
|
|
I think the answer to this challenge is the password, not positive though, I solved it awhile ago. |
Even if I got the password, I would expect to log in and see the same "you have no secrets" message.
Considering that the challenge tells you not to try to "guess the password" as well as the fact that it asks you to break into his account and discover his "secret", it would be very misleading.
|
|
| Sat Oct 01, 2011 8:40 pm |
|
|
DaymItzJack
Joined: 29 Oct 2009
Posts: 106
|
|
| |
|
|
|
|
|
I think the answer to this challenge is the password, not positive though, I solved it awhile ago. |
Even if I got the password, I would expect to log in and see the same "you have no secrets" message.
Considering that the challenge tells you not to try to "guess the password" as well as the fact that it asks you to break into his account and discover his "secret", it would be very misleading. |
I managed to log into adums account and the secret was right in front of me. I don't know exactly what you're doing but there aren't any tricks or anything.
|
|
| Sun Oct 02, 2011 7:36 pm |
|
|
bspus
Joined: 04 Sep 2011
Posts: 9
|
|
| |
|
I got in too by trying something slightly different. The thing is, it should have worked with my first method.
I believe the reason is that this is not a real vulnerability but just an exercise. The "exploit" is expected so it's all just make believe.
I 'll make a post in the solved section at some point to discuss it further.
edit: nevermind. My other method works now too. I wonder if something is changed
|
|
| Tue Oct 04, 2011 3:53 pm |
|
|
Nquit
Joined: 15 Jul 2011
Posts: 5
|
|
| |
|
Aparently i must be stupid about Injections.. I can't get it to work.. and it's pissing me off.. Any who can help a nub?
|
|
| Wed Nov 07, 2012 8:18 pm |
|
|
Nquit
Joined: 15 Jul 2011
Posts: 5
|
|
| |
|
I finally made it.. QUite easy now that i see how it's done
|
|
| Thu Nov 15, 2012 2:06 pm |
|
|
Valar_Dragon
Joined: 04 Jan 2015
Posts: 21
|
|
| |
|
This is a great challenge! Once you figure it out it makes complete sense!
|
|
| Mon Jan 12, 2015 11:03 pm |
|
|
SevenPlath
Joined: 11 Apr 2022
Posts: 1
|
|
|
| Tue May 24, 2022 8:19 am |
|
|
AMindForeverVoyaging
Forum Admin
Joined: 28 May 2011
Posts: 494
Location: Germany |
|
| |
|
You can try to send a mail to: adum (at) adum (dot) com
|
|
| Tue Jun 21, 2022 2:09 am |
|
|
|
