Let’s try

• The goal of this challenge is to make it look like username "admin" succeeded in logging in.

• The red area below shows what will be logged in the web server’s log file.

• Want to go beyond? Try to elevate your attack by adding a script to the log file.

Solution

• Lesson says we need to add a script to the log file. First submit the answer and enter into the POST request to evaluate the log-spoofing request.

• Then try to generate a script in the username as admin. An example follows:

• You will see that the login succeded for admin but failed for username.

• We can generate a script for the password, after the username script:.