nginx0
diff --git a/‎_posts/2025-01-14-tryhackme-silver_platter.md‎
Lines changed: 4 additions & 2 deletions b/‎_posts/2025-01-14-tryhackme-silver_platter.md‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎_posts/2025-01-19-tryhackme-light.md‎
Lines changed: 24 additions & 0 deletions b/‎_posts/2025-01-19-tryhackme-light.md‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎images/tryhackme_light/banner.png‎
43.6 KB b/‎images/tryhackme_light/banner.png‎
43.6 KB
diff --git a/‎images/tryhackme_light/room_card.png‎
10.7 KB b/‎images/tryhackme_light/room_card.png‎
10.7 KB
@@ -119,7 +119,8 @@ Silverpeas up to and including 6.3.4 is vulnerable to a trivial authentication b
 
 E.g. the standard login request will look like this:
 
-```POST /silverpeas/AuthenticationServlet HTTP/2
+```
+POST /silverpeas/AuthenticationServlet HTTP/2
 Host: 212.129.58.88
 Content-Length: 28
 Origin: https://212.129.58.88
@@ -131,7 +132,8 @@ This will fail login (unless they have forgotten to change the default password)
 
 But if you remove the password field like this:
 
-```POST /silverpeas/AuthenticationServlet HTTP/2
+```
+POST /silverpeas/AuthenticationServlet HTTP/2
 Host: 212.129.58.88
 Content-Length: 28
 Origin: https://212.129.58.88
 
@@ -0,0 +1,24 @@
+---
+title: "TryHackMe: Light"
+categories: [TryHackMe]
+tags: [sql injection]
+render_with_liquid: false
+img_path: /images/tryhackme_light/
+image:
+  path: banner.png
+---
+
+Welcome to the Light database application!
+
+I am working on a database application called Light! Would you like to try it out?
+If so, the application is running on port 1337. You can connect to it using nc <MACHINE_IP> 1337
+You can use the username smokey in order to get started.
+
+![](room_card.png){: width="300" height="300" .shadow}
+_<https://tryhackme.com/r/room/lightroom>_
+
+
+
+
+
+[payload](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/SQLite%20Injection.md#sqlite-string-methodology)