CTF#2 Level 11

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex11.php Description: We do not want you around… You have been blacklisted. It seems you have been blacklisted. Knowing what websites typically use to identify their users – try to get rid of that ban. Vulnerability: Bypassing Blacklists Solution: I don’t know what this…

CTF#2 Level 9

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex9.php Description: It seems you were automatically logged in as John Doe. Try to find a way to be logged in as the user Mary Jane in order to see her profile. Vulnerability: OWASP A2 Broken Authentication and Session Management Solution: This should be…

CTF#2 Level 5

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex5.php Description: It seems you have encountered a page which requires users to login before viewing. Do some magic without having to log in. Vulnerability: OWASP A7 Missing Function Level Access Control Solution: Based on OWASP description A7 Missing Function Level Access Control is…

CTF#2 Level 2

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex2.php Description: Some folks have decided to make a web calculator. You, on the other side, think to play a prank on them. Your task is to inject the PHP statement that shows information about Apache and things like the PHP version, as well…

Level 15

Url: http://ctf.infosecinstitute.com/levelfifteen/index.php Description: DNS Lookup Bounty: $150 Solution: This challenge is a command-line injection (you must know the Linux command line). When you input an address, 127.0.0.1 for example, in the form, you will get output. Look at the ;127.0.0.1 lines: ‘;’ indicates you can input 2 command…