Points: 800

Tags: web 

Poll rating:

We are trying to break into eXtreme Secure Solutions, where The Plague works as a system adminstrator. We have found that their internal company login page is at http://portal.essolutions.largestctf.com/. Recon has also revealed that The Plague likes to browse this site during work hours: using the username ponyboy2004.
Remember, our main target is to break into the company portal, *not* the pony site.

UPDATE: The SQL injection was not intentional and does not help you solve the problem. We believe it has been fixed. If you have questions, please ask ricky on #pctf @ sendak.freenode.net.
UPDATE2: Also, bronies is not intended to be solved via client side (e.g. webkit) exploits - if you manage to do so though, that's fair game.
UPDATE3: Bronies was broken until 2013-04-13 07:26:28 UTC (the admin wasn't logging onto the internal portal properly). Please retry your exploits.
UPDATE4: Sorry, once again, please retry your bronies part 1 exploits. We think we fixed a bug at 2013-04-13 08:33:30 UTC that was breaking some attempts.


ActionRatingAuthor team
Read writeup
not rated
You need to authenticate and join a team to post writeups