Here’s a walkthrough for the Beginner Challenges on www.Halls-of-Valhalla.org. Click here to start the first challenge on Halls-of-Valhalla.
Right click to view source and
After a few minutes of perusing the source I found
For this exercise we are using Burp Suite
I flipped the Cookie: auth bit to true and….
After many failed attempts I was able to inject the following script into the location field using Burp Suite.
<script>alert(1);</script>
These are all User-Agents. Let’s try to post the same script from 4 into the User-Agent value.
And…that worked. This was a fast one.
I spent a lot of time looking around before finally checking out the robots.txt file, which shows a php file in the /challenges/beginners directory.
The php file led us right to the password.
Above is the Reply button in Burp Suite
Above is the Delete button substituting id=160 for id=162 to delete the Administrator’s post and….
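The delete request above goes through because the server acts on whatever id the client sends. As an added example (not code from the challenge site), here is the server-side ownership check that rejects it, next to the unchecked behaviour. The store, session shape, function names and the assignment of ids 160 and 162 to owners are assumptions.

```javascript
// Added example: ownership check on a delete endpoint (all names are assumptions).
// Constructed data: ids come from the walkthrough, owners and bodies are made up.
function samplePosts() {
  return new Map([
    [160, { owner: "Administrator", body: "welcome" }],
    [162, { owner: "player", body: "my reply" }],
  ]);
}

// Accept only a plain decimal id; anything else is rejected before lookup.
function parseId(raw) {
  return /^[0-9]{1,9}$/.test(String(raw)) ? Number(raw) : null;
}

// Behaviour the walkthrough relies on: the id parameter alone decides what is deleted.
function deleteUnchecked(store, session, rawId) {
  const id = parseId(rawId);
  if (id === null) return 400;
  return store.delete(id) ? 204 : 404;
}

// Hardened: the post must belong to the authenticated session user.
function deleteChecked(store, session, rawId) {
  const id = parseId(rawId);
  if (id === null) return 400;
  if (!session || !session.user) return 401;
  const post = store.get(id);
  // Same status for "missing" and "not yours" so ids cannot be probed.
  if (!post || post.owner !== session.user) return 404;
  store.delete(id);
  return 204;
}

const session = { user: "player" }; // server-side session, not a client cookie value
const weak = samplePosts();
const strong = samplePosts();
console.log("unchecked, id=160:", deleteUnchecked(weak, session, "160"), weak.has(160));
console.log("checked,   id=160:", deleteChecked(strong, session, "160"), strong.has(160));
console.log("checked,   id=162:", deleteChecked(strong, session, "162"), strong.has(162));
```

The session user must come from server-side state; a value the client can edit, like the auth cookie in the earlier challenge, gives the check nothing to stand on.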