Day: January 19, 2015

Natas Level 14

Just a plain looking login page, lets jump to the source code: So $query is being initialized with unsanitized user input via $_REQUEST[“username”] and $_REQUEST[“password”].  I wonder what would happen if we put a quotation mark(“) in either field?  Let’s try it, we’ll also include “?debug=1” in the URL because

Read More »