I decided to make “HackMe” to a series and just finished testing and scripting the challenge for today.
Let’s start
Mission
Todays Mission isn't the easiest. You could see your new cookie with the name "Password" didn't you?
You have to insert a script that sends you this cookie of other persons. It’s not importent how you do this, but this time the webmaster used htmlentities() to be “secure” (He isn’t). Also the script shouldn’t be conspicuous. But more information you have to get on your own!
Really like these challenges. Looking forward to increasing difficulties in the future. The current level is perfect for beginners and if the learning curve isn’t too steep, this could really become an awesome noob-to-semi-pro series
You can use it as you want but for the right feeling only import the hackme2.sql under the tabell name “HackMe1” and change the password.php file for the right database connection.