Posted on 03-09-2008
Filed Under (pentesting) by admin

I came up with this pwn3d zit3 login form challenge to kind of expose one of the many web application vulnerabilities. It consists of a login form which authenticates against a MySQL backend database to give authorized access to the members-only part of the web site (you must become a member first -> "REGISTER"). The goal is to log in with full administrator rights and get the users list data stored in the MySQL database. If you need help or a hint on how to come up with the goods, use the comments form at the end of the page. Hope you find it interesting…
Here's the link to th3 pwn3d zit3 login form challenge.

Hint #1: the vuln is in the way the cookie is set… take a look at the content of the cookie.
Hint #2: read the login page for additional clues.

The complete site is now finished and it contains different vulnerabilities; you can find it here.
