So, I’m not really used to writing posts or interacting with people on forums, not against it, just not my thing. Yet, after going through this series of levels, I can say for sure that they are great introductory exercises: they show you how even simple tasks are full of complexity and knowledge.
I want to tell you about my experience understanding this level, in case you are struggling with the same kind of stuff as I did.
Knowing the basics of programming (if statements, for loops, handling parameters, etc) comes in handy, as this level is about understanding what is going on under the hood.
You are here reading posts because you are not sure what to do, and I was there too. There is no shame in looking for answers. The more you learn, the better. I have some background in programming, and I would’ve never guessed how XPath works, ever.
Start by reading about it. W3, OWASP, Google, I even found a Black Hat PDF that went in depth on the topic. It is somewhat similar to SQL, but its syntax reminds me more of the way folders and files are sorted in a system (and if you have done some scripts in batch or navigated folders through a terminal, that idea may come in handy, as being aware of from WHERE you are requesting stuff is as relevant as what you are asking for). The way data is handled is similar to Java <-> SQL: you make a request, and then you work with it. Understand WHICH part you are exploiting. [s]I tried backwards, don't mix PHP with XPath syntax lmao.[/s]
Second, there is a post with lots of discussion about this topic, where a user posted a script that's similar in concept to what you are being faced with. Read it, understand it, and read it again; understand what it's trying to do, how it handles the data, and for the love of god, do not brute-force this. You will get burnt out quickly, as this is not about luck.
I tend to overcomplicate things sometimes. Learn from the others, understand what they are trying to do, and how they are doing (and expressing) it. I tried to request very specific data for every field, but that's not ideal, overcomplicates the exploit, and makes you prone to small mistakes. Keep it simple, and wrap your mind around how this exploit abuses logic operators. That, plus understanding the [s]f[/s] syntax, is everything you will need to solve this.
The hint that the site gives you on the exercise is, well, it is there for a reason. Things are not always straightforward, and sometimes you just have to poke around and see what yields (like in blind injection attacks, if you feel like going for that).
Hopefully, with all of this, you get your deserved victory. The first steps are always hard to take.
Keep going.
[i]If I’m giving away too much information, feel free to point it out or to mod it so it's more appropriate. Any extra tips to further improve this post are also encouraged.[/i]
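An added example, not code from the post above or from the training site, showing from the defender's side the mechanism the post describes: user input concatenated straight into an XPath predicate lets the input change the query's logic, while wrapping each value as a proper XPath 1.0 literal keeps it as data. The element names (`user`, `name`, `password`), the query shape and the hostile sample input are assumptions constructed for the demo; the `concat()` trick is the standard way to embed a string containing both quote kinds, since XPath 1.0 literals have no escape character.

```python
"""XPath query construction: unsafe concatenation vs. literal escaping.

Added illustration; element names and the query shape are assumed for the demo.
"""
import re


def xpath_literal(value: str) -> str:
    """Wrap an arbitrary string as an XPath 1.0 string literal.

    XPath 1.0 offers no escape character inside a quoted literal, so a value
    that contains both ' and " has to be assembled with concat().
    """
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    # Both quote kinds present: single-quote each fragment between the
    # apostrophes and splice the apostrophes back in as double-quoted "'".
    fragments = ", \"'\", ".join(f"'{part}'" for part in value.split("'"))
    return f"concat({fragments})"


def build_query_unsafe(name: str, password: str) -> str:
    """The pattern the level targets: raw input pasted into the predicate."""
    return f"//user[name='{name}' and password='{password}']"


def build_query_safe(name: str, password: str) -> str:
    """Hardened form: every value passes through xpath_literal() first."""
    return (
        f"//user[name={xpath_literal(name)} "
        f"and password={xpath_literal(password)}]"
    )


def strip_literals(query: str) -> str:
    """Blank out the contents of every quoted literal, leaving the structure."""
    return re.sub(r"'[^']*'|\"[^\"]*\"", "''", query)


def logic_operator_count(query: str) -> int:
    """Count 'and'/'or' that sit OUTSIDE string literals.

    A two-field lookup built by this code has exactly one. A higher count
    means input escaped its literal and became part of the query logic,
    which is a usable signal for server-side logging or review.
    """
    return len(re.findall(r"\b(?:and|or)\b", strip_literals(query)))


if __name__ == "__main__":
    # Constructed sample input: the textbook tautology payload.
    hostile_name, password = "' or '1'='1", "x"

    unsafe = build_query_unsafe(hostile_name, password)
    safe = build_query_safe(hostile_name, password)

    print("unsafe:", unsafe, "| operators:", logic_operator_count(unsafe))
    print("safe:  ", safe, "| operators:", logic_operator_count(safe))
```

In the unsafe query the apostrophe in the input closes the `name` literal and the rest of the input is parsed as XPath, so the predicate gains a second boolean operator; in the safe query the whole value stays inside one double-quoted literal and the operator count stays at one.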