I’ve been stuck on this level for weeks. I’m trying to change the method for posting the vote, but nothing. I’m searching for different files but nothing. Any hint? Could Burp Suite help? I only noticed that her ID is different from the others, but I don’t know what to do. Thanks!
It’s very hard to give a hint for this one, but there are three steps (I know it’s a kinda obvious and irritating answer, but…):
1. What do you need to do?
2. Why can’t you do it?
3. How to do it?
Maybe somebody can give a better hint.
Once you identify the challenge, it becomes fairly straightforward.
I’d suggest extensively probing the application to understand what you can and can’t do.
Figure out ways to do what you want to do by bypassing measures that are attempting to stop you.
Thanks so much for your response! I have tried a lot… I compared all candidates and what happens when I try to vote, but apart from the 400 or 200 status message, the requests don’t seem to differ… cookies are exactly the same… :( Do I need Burp for this or can I solve it with web dev tools? Thanks again!!
I have been stuck on this challenge for a while now.
Something that I did notice was the number of characters in the candidate’s last name matches the number of digits in their vote_id.
Like others have posted in this thread, the WAF is clearly blocking certain characters, like the 'd' character in ?vote_id=62d784, but I have had my hair start to fall out trying to bypass this annoying WAF.
You can also write “test.html” and it shows the same error message; it’s just the website’s error message when you try to go to a file that doesn’t exist, for example: https://defendtheweb.net/test42.html