OverTheWire Natas level 23 – 24 is also based on PHP GET request parameter tampering. We have to carry out the injection in such a way that it satisfies both conditions in the code.

The code for this level is here:

The two conditions to be fulfilled are:
1. The passwd parameter should contain the string “iloveyou” -> strstr($_REQUEST["passwd"],"iloveyou")
2. The passwd parameter should also have a word length greater than 10.

So first I tried this:
It doesn’t work.
So I tried this now:
With numbers it works!

Once we send this request in passwd, we will get the credentials for the next level!
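Why digits change the outcome, as an added example that is not the level's source or the author's code: it keeps the strstr() condition quoted above and assumes the second condition is a loose comparison of the raw string with the integer 10, shown next to an explicit strlen() check. The sample inputs are constructed, and the result of the loose comparison depends on the PHP version.

```php
<?php
// Loose check: the strstr() condition as quoted on the page, plus an ASSUMED
// second condition that compares the raw string with the integer 10.
// PHP 7 converts the string to a number from its leading digits (0 if none).
// PHP 8 compares a non-numeric string with the int's string form ("10").
function loose_check(string $passwd): bool
{
    return strstr($passwd, "iloveyou") !== false && $passwd > 10;
}

// Explicit length check: "longer than 10 characters" written with strlen(),
// so no string-to-number conversion takes part in the decision.
function length_check(string $passwd): bool
{
    return strpos($passwd, "iloveyou") !== false && strlen($passwd) > 10;
}

// Constructed sample inputs (not taken from the page).
$samples = [
    "iloveyou",
    "iloveyouverymuch",
    "11iloveyou",
    "9iloveyou-and-more",
];

printf("PHP %s\n", PHP_VERSION);
foreach ($samples as $s) {
    printf(
        "%-20s len=%2d loose=%-5s length=%s\n",
        $s,
        strlen($s),
        var_export(loose_check($s), true),
        var_export(length_check($s), true)
    );
}
```

Run it under the PHP version you are auditing; any row where the two columns disagree is an input the comparison operator treats differently from a real length check.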
