This level has a bug | Defend the Web

hermodr
10 years ago

0

I’m using a tool cal Tem*Da the i modified something there, but the page doesn’t works neither count a failed tries

0x174n14
10 years ago

0

Temper* doesn’t work with this chall, but the principe is good.

Mugi [Mugiwara27]
10 years ago

0

Search how to send something to a webpage with Html :) and look over threads too

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\’‘ at line 1

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

This level does not have any bug. No one confirmed that Basic+ Level 3 could be 100% solved by that method from the start.

![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)

hermodr
10 years ago

0

yes i used other method different to temper and it works, but i don’t understand why temepr doesn’t…

Luke [flabbyrabbit]
10 years ago

0

SSL I believe

0x174n14
10 years ago | edited 10 years ago

0

I think CSRF protection or other mechanism based on asynchronous request, because with Temper there is a delay between the modified request and others, but with basic method it’s the first request

Luke [flabbyrabbit]
10 years ago

0

It is actually quite a subtle reason. The SWF file sends the request to HTTP which in turn forwards the request to HTTPS to force SSL. This doesn’t forward the request along with the request so the data is lost.

0x174n14
10 years ago

0

ok, thx for explain ;)

Reply has been removed

foxcargo
9 years ago

0

Thanks
0x174n14

your csrf word make me google, and now i know there is better method after TD.
inspect element and insert code. Thank you.