OWASP Mutillidae II: Keep Calm and Pwn On
Version: 2.7.11 Security Level: 0 (Hosed) Hints: Enabled (1 - Try easier) Not Logged In
Home | Login/Register | Toggle Hints| Show Popup Hints | Toggle Security | Enforce SSL | Reset DB | View Log | View Captured Data
 
Want to Help?
 
 
 
 
Capture Data
Expand Hints Hints and Videos
Data Capture Page
 
This page is designed to capture any parameters sent and store them in a file and a database table. It loops through the POST and GET parameters and records them to a file named captured-data.txt. On this system, the file should be found at /tmp/captured-data.txt. The page also tries to store the captured data in a database table named captured_data and logs the captured data. There is another page named captured-data.php that attempts to list the contents of this table.
 
The data captured on this request is: page = capture-data.php showhints = 1 PHPSESSID = 3qvsfrrpvpee3jp58s7ildillm
 
Would it be possible to hack the hacker? Assume the hacker will view the captured requests with a web browser.