| Points: | 40 points | ||
|---|---|---|---|
| Gifts: | None | ||
| Requirements: | Basic SQL Knowledge. | ||
| Description: | If you know that this is a blog website, and it's moderated by John, who can add, edit and delete anything related to the bloggers... | ||
| 192 Scenario Hacker(s) | |||
|
| Points: | 60 points | ||
|---|---|---|---|
| Gifts: |
|
||
| Requirements: | Business logic security hole. | ||
| Description: | The website developers noticed that there was a security hole in the login process (Scenario 1) and they fixed it, but they missed another one inside the website... |
||
| 142 Scenario Hacker(s) | |||
|
| Points: | 30 points | ||
|---|---|---|---|
| Gifts: | None | ||
| Requirements: | Directory traversal security hole. | ||
| Description: | After what you did before, John dropped your account from the website, so, you'll not be able to play with the website contents again... |
||
| 131 Scenario Hacker(s) | |||
|
| Points: | 50 points | ||
|---|---|---|---|
| Gifts: |
|
||
| Requirements: | Session Hijacking. | ||
| Description: | Finally, after too many attempts, you got something that enables you to hack the website and log in to John's account again, which is John's SESSION ID... |
||
| 125 Scenario Hacker(s) | |||
|
| Points: | 50 points | ||
|---|---|---|---|
| Gifts: |
|
||
| Requirements: | Basic HTTP Request Knowledge. | ||
| Description: | This time we'll stop bothering John and try to test your ability to control the HTTP REQUEST (low level)... |
||
| 129 Scenario Hacker(s) | |||
|
| Points: | 100 points | ||
|---|---|---|---|
| Gifts: |
|
||
| Requirements: | Directory traversal + Null character. | ||
| Description: | Do you still remember what you did in (Scenario 3)? Unfortunately, the website developers fixed it, but it seems that they didn't fix it properly... |
||
| 115 Scenario Hacker(s) | |||
|
| Points: | 40 points | ||
|---|---|---|---|
| Gifts: | None | ||
| Requirements: | Basic Authentication Knowledge. | ||
| Description: | If you know that John uses two ways to access his account, the first one by "Basic Authentication", and the second one is the "Form Authentication"... |
||
| 135 Scenario Hacker(s) | |||
|
bronze skulls to open this level.
silver skulls to open this level.