Extended basic 6

Learn how to do code review

Re: Extended basic 6

Post by edwardblack741 on Thu Jan 09, 2014 11:49 am

The website uk.moo.com/moo.php does not exist anymore, so we can't do this exercise...


Re: Extended basic 6

Post by -Ninjex- on Thu Jan 09, 2014 12:26 pm

edwardblack741 wrote: The website uk.moo.com/moo.php does not exist anymore, so we can't do this exercise...


I will bluntly assume that you do not understand how GET parameters work within the PHP language. The website isn't supposed to be up. Assuming this site was real, how would you modify the URL to trick the server into authenticating you?
This will be the answer.
For those that know
K: 0x2CD8D4F9


Re: Extended basic 6

Post by rossi123 on Mon Nov 26, 2018 4:50 am

kfealz wrote: After the above comment about checking out how "register_globals" is used, I looked at the explanation here: http://us.php.net/register_globals

So it seems that once, this probably would have been a common exploit used, but as of PHP 6.0.0, this feature is disabled by default (which is probably why it didn't work on your test server). So even if the sysadmin didn't know what he/she was doing while configuring the server, it is unlikely that he/she would have messed this up.

Regardless, it is still a good thing to know about as apparently register_globals can be used safely, so it's something to look for.

Really hoping I didn't break the spoiler rule on my first post... :)

Yes, exactly, it's something to look for.
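
Added example, not part of the original thread and not the challenge's own code: what a reviewer looks for when register_globals comes up, shown as a weak handler beside a hardened one. It assumes `extract()` as a stand-in for the old directive so it runs on current PHP; the function names, the `authorized` parameter and the sample password are hypothetical.

```php
<?php
// Constructed example: extract() copies request parameters into local
// variables, which is what register_globals=On used to do implicitly.

// Hypothetical credential check; the password and hash are constructed samples.
function credentials_ok(array $post): bool {
    $stored = password_hash('correct horse', PASSWORD_DEFAULT);
    return isset($post['password'])
        && is_string($post['password'])
        && password_verify($post['password'], $stored);
}

// Weak: $authorized is never initialised, so when the credential check
// fails, a request parameter of the same name decides the outcome.
function weak_handler(array $get, array $post): bool {
    extract($get); // request keys become local variables
    if (credentials_ok($post)) {
        $authorized = true;
    }
    return !empty($authorized);
}

// Hardened: the flag gets an explicit default before any input is read,
// and request data is only accessed through the arrays it arrived in.
function hardened_handler(array $get, array $post): bool {
    $authorized = false;
    if (credentials_ok($post)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed request: no password supplied, only a query parameter.
$get  = ['authorized' => '1'];
$post = [];

var_dump(weak_handler($get, $post));
var_dump(hardened_handler($get, $post));
```

In review, the things to flag are any security-relevant variable read before it is assigned, and any call that imports request data into the variable scope (`extract()`, `import_request_variables()`, `parse_str()` without a target array).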

