@Seepckoa said:
@mxchai said:
Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.Thanks!
You need to do a little enumeration at the login level, we could inject what in a login page ?
i pretty much get what i need to do but the usernames taken * all of it *
Need to wait for my turn i guess ! 