Extended basic 6

Learn how to do code review

Re: Extended basic 6

Post by edwardblack741 on Thu Jan 09, 2014 11:49 am

The website uk.moo.com/moo.php does not exist anymore, so we can't do this exercise...


Re: Extended basic 6

Post by -Ninjex- on Thu Jan 09, 2014 12:26 pm

edwardblack741 wrote: The website uk.moo.com/moo.php does not exist anymore, so we can't do this exercise...


I will bluntly assume that you do not understand how GET parameters work within the PHP language. The website isn't supposed to be up. Assuming this site was real, how would you modify the URL to trick the server to authenticate you?
This will be the answer.
For those that know
K: 0x2CD8D4F9


Re: Extended basic 6

Post by bgbrandongomez on Sat Sep 10, 2016 10:19 am

When I did this mission, the first thing I thought was "Why not try setting multiple variables at once?"

In the code below I saw
Code:
$user = $passed = TRUE;
as a result of http://moo.com/me.php?user=%24passed%20%3D%20TRUE

Obviously, that didn't work, but I did find out that register_globals was a thing in this script, so I still got it anyway.

It may make an interesting extbasic or basic challenge in the future though! 8-)

Code:
<?php
        $user = $_GET['user'];
        $pass = $_GET['pass'];
        if (isAuthed($user,$pass))
        {
                $passed=TRUE;
        }
        if ($passed==TRUE)
        {
                echo 'you win';
        }
?>
        <form action="me.php" method="get">
        <input type="text" name="user" />
        <input type="password" name="pass" />
        </form>
<?php
        function isAuthed($a,$b)
        {
                return FALSE;
        }
?>
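The script in the post above only assigns $passed when isAuthed() succeeds, which is why register_globals matters to it. As an added example (not part of any post in this thread), the code below puts that pattern beside a hardened form. It assumes PHP 7 or later, uses extract() as a stand-in for register_globals (removed in PHP 5.4), and the names checkLegacy, checkHardened and the sample parameters are constructed for illustration.

```php
<?php
// Added example, not code from the thread.

function isAuthed($user, $pass)
{
    return false; // same stub as the challenge: no credentials are ever valid
}

// Pattern from the thread: $passed is assigned only on success, so a value
// imported from the request under that name survives to the final check.
function checkLegacy(array $params)
{
    extract($params); // stand-in for register_globals (assumption of this example)
    $user = $params['user'] ?? '';
    $pass = $params['pass'] ?? '';
    if (isAuthed($user, $pass)) {
        $passed = TRUE;
    }
    return isset($passed) && $passed == TRUE; // loose comparison, as in the post
}

// Hardened form: request data is never imported into local scope, the flag is
// initialised before use, and comparisons are strict.
function checkHardened(array $params)
{
    $passed = false;
    $user = is_string($params['user'] ?? null) ? $params['user'] : '';
    $pass = is_string($params['pass'] ?? null) ? $params['pass'] : '';
    if (isAuthed($user, $pass) === true) {
        $passed = true;
    }
    return $passed === true;
}

// Constructed sample requests, shaped like the arrays PHP builds from a query string.
$samples = array(
    'no parameters'      => array(),
    'wrong credentials'  => array('user' => 'alice', 'pass' => 'guess'),
    'unexpected "passed"' => array('user' => 'alice', 'pass' => 'guess', 'passed' => '1'),
);

foreach ($samples as $label => $params) {
    printf("%-22s legacy=%-5s hardened=%s\n", $label,
        var_export(checkLegacy($params), true),
        var_export(checkHardened($params), true));
}
```

Only the third sample makes checkLegacy() return true; checkHardened() returns false for all three because the flag starts at false and nothing from the request can reach it.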

