A9:2021 | Logging Security (2) | Cycubix Docs
PreviousA9:2021 | Logging Security (1) | Cycubix DocsNextA9:2021 | Logging Security (3) | Cycubix Docs
Last updated
Last updated
The goal of this challenge is to make it look like username "admin" succeeded in logging in.
The red area below shows what will be logged in the web server’s log file.
Want to go beyond? Try to elevate your attack by adding a script to the log file.
Lesson says we need to add a script to the log file. First submit the answer and enter into the POST request to evaluate the log-spoofing request.
Then try to generate a script in the username as admin. An example follows:
You will see that the login succeded for admin but failed for username.
We can generate a script for the password, after the username script:.
