codys first blog flag0

Author: testert1ng

README.md

@@ -11,6 +11,7 @@
 | Trivial (1 / flag)  | [A little something to get you started][2] | Web    | 1 / 1      |
 | Easy (2 / flag)     | [Micro-CMS v1][3]                          | Web    | 4 / 4      |
 | Moderate (3 / flag) | [Micro-CMS v2][5]                          | Web    | 3 / 3      |
+| Moderate (5 / flag) | [Cody's First Blog][8]                     | Web    | 1 / 3      |
 | Easy (4 / flag)     | [Postbook][6]                              | Web    | 7 / 7      |
 | Easy (3 / flag)     | [Petshop Pro][7]                           | Web    | 3 / 3      |
 | Moderate (5 / flag) | [TempImage][4]                             | Web    | 2 / 2      |
@@ -21,4 +22,5 @@
 [4]: ./tempimage
 [5]: ./micro-cms_v2
 [6]: ./postbook
-[7]: ./petshop_pro
+[7]: ./petshop_pro
+[8]: ./codys_first_blog

codys_first_blog/README.md

@@ -0,0 +1,11 @@
+# Cody's First Blog
+
+## [Flag0](./flag0) -- Found
+
+- What was the first input you saw?
+- Figuring out what platform this is running on may give you some ideas
+- Code injection usually doesn't work
+
+## [Flag1](./flag1) -- Not Found
+
+## [Flag2](./flag2) -- Not Found

codys_first_blog/flag0/README.md

@@ -0,0 +1,23 @@
+# Cody's First Blog - FLAG0
+
+## 0x00 Home
+
+![](./imgs/home.jpg)
+
+## 0x01 Try with Comment
+
+Tried XSS, not working.
+
+![](./imgs/submit.jpg)
+
+As the blog is PHP, try inject with PHP.
+
+``` php
+<?php phpinfo()?>
+```
+
+![](./imgs/comment.jpg)
+
+## 0x03 FLAG
+
+![](./imgs/flag.jpg)