okay so I’ve played around with it and I’ve chose an SQL injection as an avenue of attack due to the fact that changing the IP would seem to just be logged as new IP from a different user (>> unless it tracks via the auto login instead of the IP so you can pass by making a few quick requests[/Spoiler]) but I’ve run into the problem with the encoding I’ve tried the normal methods like double encoding and ascii sequence but I can seem to slip anything past yet. any got anyone got any hints on bypassing that encoding.
[Spoiler]my thinking is that if I can execute an SQL injection I can delete the log and still submit login details