Hey guys, so I know that we have to use XPATH injection for this level but I’m kinda stuck.
If I understood right, the theory is that the request is something like: check (username=some_user or password=some_pass), and we’re modifying some_user to get the expression to return true, no matter the input. As seen in another thread with the some_user=" blah' or 1=1 or 'a'='a " that follows the same principle.
But I don’t get how we’re going to log in as Sandra Murphy? Should I switch out the 'blah' in some user to Request("login") or something around that? (I don’t know how to write XPath queries though.)
I don’t know what I’m doing wrong. I also tried doing some_user=" ' or 1=1) and ( 'a'='a " but to no avail (following what has been said about trying to change the test to: (test_user || 1=1) && ( 'a'='a' || test_pass), which should always return true even when test_user and test_pass return false).
Any help would be greatly appreciated.
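
For anyone reading this thread from the defending side, here is an added example (not part of the original post, and not the challenge's code) of why the quoted string changes the query and how to quote input so it cannot. The `//user[username=... and password=...]` query shape and all function names are assumptions made for illustration.

```python
import re

def xpath_literal(value: str) -> str:
    """Quote an untrusted string as exactly one XPath 1.0 string literal.

    XPath 1.0 has no escape character, so a value containing both quote
    kinds has to be assembled with concat().
    """
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    pieces = []
    for i, part in enumerate(value.split("'")):
        if i:
            pieces.append('"\'"')  # the apostrophe itself, double-quoted
        if part:
            pieces.append(f"'{part}'")
    return "concat(" + ", ".join(pieces) + ")"

def naive_query(user: str, password: str) -> str:
    # Vulnerable pattern: input pasted between quotes the code supplies.
    # (Assumed query shape; the real application's query is not on the page.)
    return f"//user[username='{user}' and password='{password}']"

def safe_query(user: str, password: str) -> str:
    # Hardened pattern: each input becomes one literal, never syntax.
    return (f"//user[username={xpath_literal(user)}"
            f" and password={xpath_literal(password)}]")

_LITERAL = re.compile(r"'[^']*'|\"[^\"]*\"")

def has_injected_or(query: str) -> bool:
    """True if an `or` operator appears outside every string literal."""
    return re.search(r"\bor\b", _LITERAL.sub("", query)) is not None

# Constructed input: the string quoted in the post above.
POSTED = "blah' or 1=1 or 'a'='a"

if __name__ == "__main__":
    for build in (naive_query, safe_query):
        q = build(POSTED, "x")
        print(f"{build.__name__}: {q}")
        print(f"  operator outside literals: {has_injected_or(q)}")
```

Where the XPath library supports variable binding, passing the username and password as bound variables is preferable to building literals by hand.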