_Web Patching 1 to 3_

A guide for the web patching challenges, may contain spoilers.

Here's my article on web patching one to three, for these challenges you will need some basic knowledge of php.

_Web Patching 1_
On this challenge you see that the code "echo"s the variable: $_POST['username'].
For example, if you typed "floobman mc doodle" in the username box and hit submit it would say "Logged in as floobman mc doodle."
But, if you tried injecting some html tags into the box, as the script don't filter html tags it will output whatever html you put in.
You should know the name of this. If you don't know how to get rid of html tags from being inputted, try googling.

_Web Patching 2_
Right, you can see that this one has an sql query, so that should give you an idea of what kind of exploit this is.
To patch it, you have to know that you need to make it add a slash in front of the apostrophes and quote marks to stop the exploit.
Again, if you don't know the function for this, google.

_Web Patching 3_
Moving on to the third patching challenge, this script is meant to include whatever file you choose through the variable: $page = $_GET['page'].
The script also adds ".php" onto the end of the included file, so if you typed: something.php?page=something, it would include itself. But using our knowledge of poison null bytes, you could try this: something.php?page=/etc/passwd/%00 to try and view the password file.
The way you are suppsoed to patch this is the opposite of web patching two.

I hope this article has helped you, I realise it is quite a short article, but I couldn't think of any way to make it longer.