Grammar

request a default php page and not the /

I tried in***.php and I didn’t get a cookie

there is double most popular page 🙂
Solved

@smm2 said:
there is double most popular page 🙂
Solved

I’m sorry, I don’t quite understand what you mean. When attempting to use a default PHP page, I run into some errors. What am I doing wrong?

Never mind, solved.

I’m not so sure that my payload is correct, because I still get “What you are trying to do?” Can I ask for help?

thanks

This guide https://www.owasp.org/images/6/6b/PHPMagicTricks-TypeJuggling.pdf was really helpful.

Never mind, it was a parameter problem. For anyone who gets “What you are trying to do?”, make sure to just change the third parameter.

Finally solved.

Unable to bypass the 403 error message. I have tried ip:port/main.php, index.php, login.php, admin.php, phpinfo.php, /robots.txt, but still no positive result. A response will be appreciated, please; you can also DM.

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

@PandaCarry said:
Just got the flag, it’s a lot easier than you may think

Hello sir, I am into the cookies part.
I got the cookies and the PHP page.
I don’t understand the decrypted cookies and the MAC.
Can you please help me?

I’m having trouble with my syntax for busting. Can anyone help me? I don’t know what I’m doing wrong.

Please: I’ve posted dozens of payloads that I am led to believe should work. Generated many via Python. I’d appreciate it if someone could spot my obvious error (via PM so as not to spoil).

@peek said:
watch the video

which video?

@noman said:

@peek said:
watch the video

which video?

On the first page

This is a really simple challenge. The video is patronizing and misleading, ignore it completely. It has nothing to do with the challenge. The slides mentioned are most important. Also important - the app is inconsistent - watch your headers, you can have good theoretical understanding and a payload that should work but it won’t.

Happy to help anyone as I got heaps.

I just completed this challenge too. If there are any questions feel free to PM 🙂

Just solved it. Feel free to PM for hints.

Hi everyone. I passed the first step and am stuck at type juggling. I tried the 0, null and array approaches for the MAC but did not solve this challenge. I wrote a script to try juggling but can’t get any result. What am I doing wrong?