TyphoonCon 2021 Impasse
Description: When I was doing a pentest on a given target, I found this page. I think it’s vulnerable, but I’m not good at PHP, are you?
Difficulty: Easy
Recon
When you visit the site for the challenge it brings you to a page titled “Printer”, with an input bar and a checkbox for a debug option.
When I enter input and submit the form, it runs an HTTP GET request with echo ‘{my-input}’ as the value for the print parameter.
VirSecCon 2020 Sequelitis
Description: Sequelitis has moved to a new database for keeping track of their customers. Break in.
Points: 100
Recon
When you visit the URL for the challenge, you get a basic search bar. Based on the name of the challenge, I know this is going to be some kind of SQL injection.
When I submit a search request and capture it in Burp Suite, I get a normal-looking response with no results.