[WEB] ezpz

Type your comment> @davidlightman said:

Hi, I’m stuck on bypassing the second notice. I’ve tried anything I know about PHP (will not write it here to avoid spoiling). I could use some help in the right direction. Thanks!

I wrote you a PM

I am stuck also. PM thanks.

People who are stucked on the 2nd error, think something around php datatypes.

Pretty stucked with second Notice, can anyone help please?

Type your comment> @azuax said:

Pretty stucked with second Notice, can anyone help please?

Same here

@azuax said:
Pretty stucked with second Notice, can anyone help please?

Same here. If you inspect the website closely, you get some good info, but not sure what to do with it

WAF is killing me. I got the table and DB but I can’t even see what’s in there. :frowning:

@snuggles there are other ways of doing without it without alternatives :wink:

WOW! That was really nice fun to solve!

Thanks @ahmed for making it!!

Any hints for the very 1st step ?
The HTML comment doesn’t realy help, or I may be blind…

EDIT : I was dumb… Thanks to @brueh for the pm.
The HTML comment hint only applies to the 2nd notice. Try multiple data types you know.

pretty sure i know what i’m supposed to be doing, but i’m struggling to get past the second error. if this is built the way i think it is, it should be pretty simple and deserve the rating it got, but something is in the way :confused:
would appreciate a nudge via pm

EDIT: nevermind, i expected this to be the way more complicated option because i’ve been fiddling with it earlier yesterday m)

Spoiler Removed

Hi!
Any hints on bypassing WAF and extract some data ?

Challenge done. Great challenge but it should be worth 50 points imo. Learned some new WAF bypass tricks for this kind of attack.
@snuggles already pointed a useful hint here for the last part.

Stuck on 2nd notice. Found a hint, but not sure what to do with it. Could anyone give a tip what direction to go next? Thank you.

EDIT: I did it :slight_smile:

I was trying to bypass the wrong thing :smiley:

Can anyone give me hint if I’m on right path if I PM them?

I think I might have cocked up a “correct” bypass technique, and now I’m just trying weirder and weirder alternatives that won’t work.

You can PM me guys but please tell me what you have tried so far.

Great challenge @ahmed. That was very tough. Thanks for making it. Learned a lot

Thanks @ahmed for this great chanllenge.
I enjoyed it and learned a lot

Wow, what a challenge, thanks @ahmed, this has been the most difficult web challenge I have done so far on htb, not ezpz at all!!
But learned a lot more thanks.

One thing I want to say, this challenge is not a 20 points challenge, at least not from my noob point of view :expressionless: