Cody’s First Blog
Flag0 – Found
- What was the first input you saw?
- Figuring out what platform this is running on may give you some ideas
- Code injection usually doesn’t work
Flag1 – Found
- Make sure you check everything you’re provided
- Unused code can often lead to information you wouldn’t otherwise get
- Simple guessing might help you out
Flag2 – Found
- Read the first blog post carefully
- We talk about this in the Hacker101 File Inclusion Bugs video
- Where can you access your own stored data?
- Include doesn’t just work for filenames