Username: 
Password: 
Restrict session to IP 
Questions  |  score: 5  |  5.75 7.38 6.83 |  Solved By 90 People  |  111366 views  |  since Mar 25, 2009 - 19:36:36

Fix Us (Exploit, PHP)

Fixus
Your mission is now to maintain access to the solution boards for the Z challenges.
Your plan is to gather information about the challenge solutions and gain more points on WeChall.net.
Because Z is a naive, click-before-think guy, he clicks on every link you send him.
Your plan is to send Z a malicious, but innocent looking link, and once he logs in WeChall, you will be able to login in the credentials of Z - and read the solution boards as well.
Gizmore did a good job against XSS and CSRF, so you have to find another flaw to log in.
After examining the WeChall source code, you found a hidden login page for the Z solution boards.

Goto Login

Goto Secret Forum
Send a link to Z

© 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 and 2024 by Z and Gizmore