Page 2 of 3

Re: Ext 12

PostPosted: Wed May 20, 2009 6:50 am
by haha01haha01
I find this mission very confusing. Basically, to solve it, you have to pretend you dont know what $userpass is assigned.

Re: Ext 12

PostPosted: Tue Jun 02, 2009 10:16 am
by Mortecai4

Re: Ext 12

PostPosted: Tue Jun 02, 2009 10:57 pm
by eljonto
Mortecai4 wrote:What does a variable with 2 $ in front of it mean?

Do you know what people who don't code in php did when they saw that in the mission? They went to google, you should give it a go.

Re: Ext 12

PostPosted: Thu Jun 18, 2009 1:13 pm
by xen
YAY! i finally did it...
ok people:

READ EVERY POST in this thread from the start up until now, have another go at it after you read each post!!!!!!

it tells you to use "" to declare the info to input

reading thru this thread mentions you need to declare more than one, which you should know how to do from years of internet browsing and looking at your address bar.

the script is very basic, there are only so many variables in it which narrows it down ALOT...

if you try something and think it should work but it doesn't (like i did), try it the other way round

after reading thru this thread if you haven't already got it by the time you get to this post,,, you should have it now!!

ExtBasic 12

PostPosted: Sat Nov 28, 2009 8:05 am
by pSub
Is there any special way to submit the solution? Because after a few attempts I tested the script on my webserver, and there I am able to exploit the script.

I tried the following:<the answer><the answer> <the answer>

But nothing works.

Re: Ext 12

PostPosted: Tue Jun 29, 2010 7:54 pm
by st0w
I have to concur with something that's already been said. If these are supposed to be realistic, then the answer that's expected isn't accurate. With the scenario as presented, the expected answer is extraneous.

Think redundancy.

Re: Ext 12

PostPosted: Tue Sep 21, 2010 3:35 pm
by shill
Remember, you have to exploit it, not match the pass that's given to you. Pretend you don't know that password.

Re: Ext 12

PostPosted: Sun Jan 02, 2011 12:17 pm
by dhldhldhl
Hey there, I've gotten the answer and it's pretty easy actually. The problem remains though, that I don't get where I have to put the answer. Is it possible that has been bought by another company? Because there's an entire website overthere so where should I put my answer?

Any help would be grateful. :-)

got it :D

Re: Ext 12

PostPosted: Sat Jan 15, 2011 3:33 pm
by lezazA
This challenge was very confusing. If the script were really like that there would be no need to set an extra variable... anyway, even with the confusing text, solving it was trivial.

Re: Ext 12

PostPosted: Sat Mar 01, 2014 6:11 am
by CovertMagic
Remember, you have to exploit it, not match the pass that's given to you. Pretend you don't know that password.

Dang, that's the clue.

Perhaps, if we're not supposed to know the password, a good idea might be to not tell us it?
e.g. omitting
Code: Select all
$password = 'IWantToCow';
from the question.

I think I missed the point in so many spectacular ways on this one.

Anybody else actually send HTTP requests to the real [url][/url]?