A9:2021 | Logging Security (2) | Cycubix Docs

Let’s try

  • The goal of this challenge is to make it look like username "admin" succeeded in logging in.

  • The red area below shows what will be logged in the web server’s log file.

  • Want to go beyond? Try to elevate your attack by adding a script to the log file.


  • Lesson says we need to add a script to the log file. First submit the answer and enter into the POST request to evaluate the log-spoofing request.

  • Then try to generate a script in the username as admin. An example follows:

  • You will see that the login succeded for admin but failed for username.

  • We can generate a script for the password, after the username script:.

Last updated