@azuax said:
Pretty stucked with second Notice, can anyone help please?
Same here. If you inspect the website closely, you get some good info, but not sure what to do with it
@azuax said:
Pretty stucked with second Notice, can anyone help please?
Same here. If you inspect the website closely, you get some good info, but not sure what to do with it
WAF is killing me. I got the table and DB but I can’t even see what’s in there.
@snuggles there are other ways of doing without it without alternatives
WOW! That was really nice fun to solve!
Thanks @ahmed for making it!!
Any hints for the very 1st step ?
The HTML comment doesn’t realy help, or I may be blind…
EDIT : I was dumb… Thanks to @brueh for the pm.
The HTML comment hint only applies to the 2nd notice. Try multiple data types you know.
pretty sure i know what i’m supposed to be doing, but i’m struggling to get past the second error. if this is built the way i think it is, it should be pretty simple and deserve the rating it got, but something is in the way
would appreciate a nudge via pm
EDIT: nevermind, i expected this to be the way more complicated option because i’ve been fiddling with it earlier yesterday m)
Spoiler Removed
Hi!
Any hints on bypassing WAF and extract some data ?
Challenge done. Great challenge but it should be worth 50 points imo. Learned some new WAF bypass tricks for this kind of attack.
@snuggles already pointed a useful hint here for the last part.
Stuck on 2nd notice. Found a hint, but not sure what to do with it. Could anyone give a tip what direction to go next? Thank you.
EDIT: I did it
I was trying to bypass the wrong thing
Can anyone give me hint if I’m on right path if I PM them?
I think I might have cocked up a “correct” bypass technique, and now I’m just trying weirder and weirder alternatives that won’t work.
You can PM me guys but please tell me what you have tried so far.
Great challenge @ahmed. That was very tough. Thanks for making it. Learned a lot
Thanks @ahmed for this great chanllenge.
I enjoyed it and learned a lot
Wow, what a challenge, thanks @ahmed, this has been the most difficult web challenge I have done so far on htb, not ezpz at all!!
But learned a lot more thanks.
One thing I want to say, this challenge is not a 20 points challenge, at least not from my noob point of view
Thanks @ahmed, this was a very cool challenge!
Fun challenge, learned a lot about WAF bypassing. But 20 points? I don’t know dude.
Type your comment> @davidlightman said:
Hi, I’m stuck on bypassing the second notice. I’ve tried anything I know about PHP (will not write it here to avoid spoiling). I could use some help in the right direction. Thanks!
same here:"( help me plz!
pm me plz :"(
I’m stuck in second notice…
Would someone mind pm’ing with a bit of assistance on the second notice? been stuck for quite a while now.