hacker.org

I am keeping getting errors on this one.

I tried two different approaches (cookies and server log), which both work for me, but it still gives me 'error' is incorrect.

Is there something I did not get about this challenge or is it broken someway?

This challenge isn't broken. I've just solved it.

I doubt it supports cookies - you don't need to do any session-tracking, or anything like that. Just maintain global server-side state - so when the site sets an entry, then queries it, you can return what it set it to before.

If you like, post or pm me your url and I might be able to give an example sequence of requests that doesn't give the right result.

gfoot wrote:I doubt it supports cookies - you don't need to do any session-tracking, or anything like that. Just maintain global server-side state - so when the site sets an entry, then queries it, you can return what it set it to before.

If you like, post or pm me your url and I might be able to give an example sequence of requests that doesn't give the right result.

OK, I misunderstood the challenge and gave replies to 'test1' only - sometimes I am just plain stupid...

I'm a little confused: in my serverlog i miss the 'set=' call, i see only one 'get=' call. Do i misunderstand something?


[Edit:] Forget it, i think i've found my mistake ....


[Edit2:] now i think, everything is ok in my server, but still i only see one 'get' call ....


[Edit3:] ..... i think i found another error ....


[Edit4:] I give up!

The log on my webserver shows only one request:

208.97.183.12 - - [27/Feb/2009:10:21:38 +0100] "GET /?get=******/ HTTP/1.1" 200 4 "-" "-"

The browser returns:

'error' is incorrect

If i try it from my browser i see the 'set=' request before:

192.168.255.160 - - [27/Feb/2009:09:00:40 +0100] "GET /?set=****** HTTP/1.1" 200 2 "-"
192.168.255.160 - - [27/Feb/2009:09:01:12 +0100] "GET /?get=****** HTTP/1.1" 200 2 "-"

And exactly this one i miss if i try the same from hacker.org. Where is my error in reasoning?

Is this challenge working? I'm trying all sort of stuff, and by hand it works, but all attempts returns 'error'.

Thanks,
Bruno.

works fine for me

No problems here either.

Thank you guys . I'll try other approaches to do this soon.

Bruno.

I'm having similar problems. Is this server as picky as it is in part 1? I'm using the same method as in part one, so theoretically it should suppress that magic character, but I haven't focused on it.

I'm only getting 2 get= requests, both return "no", and I'm only getting "error" as feedback

Sorry people, you seem to mess something up. There are
all in all 8 requests to fulfill to pass the test. When your log
shows fewer requests the last response was erroneous.

Zeta: that's what I assumed, but all I get are two requests for "...?get=foobar", both (rightfully) return "no".

therethinker wrote:Zeta: that's what I assumed, but all I get are two requests for "...?get=foobar", both (rightfully) return "no".

I consistently get the same requests, so I think it's a static test suite. But for me the second request looks different...

any idea why me going to my hosted php page works correctly (i have an sql storing the escaped url before it even tries to run the other sql, which correctly logs my activity) but when i point the challenge to it it just responds error but without affecting my activity log.... anyone who already solved it want to peek at my page and see whats wrong?

(i do use javascript as an anti add script so it may be blacklisting it)

Just a note, the script is CASE SENSITIVE for the URL you pass it. If your script is called "yourTurn.php", the Hacker.org server will convert it to lower case and request "yourturn.php". So, keep your script names in lower case.