Re: Extended basic 6

Posted: Thu Jan 09, 2014 11:49 am
by edwardblack741
The website uk.moo.com/moo.php does not exist anymore, so we can't do this exercise...

Re: Extended basic 6

Posted: Thu Jan 09, 2014 12:26 pm
by -Ninjex-
edwardblack741 wrote: The website uk.moo.com/moo.php does not exist anymore, so we can't do this exercise...


I will bluntly assume that you do not understand how GET parameters work within the PHP language. The website isn't supposed to be up. Assuming this site was real, how would you modify the URL to trick the server to authenticate you?
This will be the answer.

Re: Extended basic 6

Posted: Mon Nov 26, 2018 4:50 am
by rossi123
kfealz wrote: After the above comment about checking out how "register_globals" is used, I looked at the explanation here: http://us.php.net/register_globals

So it seems that once, this probably would have been a common exploit used, but as of PHP 6.0.0, this feature is disabled by default (which is probably why it didn't work on your test server). So even if the sysadmin didn't know what he/she was doing while configuring the server, it is unlikely that he/she would have messed this up.

Regardless, it is still a good thing to know about as apparently register_globals can be used safely, so it's something to look for.

Really hoping I didn't break the spoiler rule on my first post... :)

Yes, exactly, it's something to look for.
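
An added example, not part of any post in this thread and not the challenge's own code: the uninitialised-flag pattern that register_globals made dangerous, shown beside a hardened form. The function names, the `authorized` parameter and the sample request are assumptions made for illustration, and `extract()` stands in for the directive so the script runs on current PHP.

```php
<?php
// Hypothetical stand-in for a real credential check; always fails here so
// that any "true" result below can only come from request data.
function credentials_ok(array $request): bool
{
    return false;
}

// Vulnerable pattern: request parameters become local variables (the effect
// register_globals had) and $authorized is never initialised.
function is_authorized_vulnerable(array $request): bool
{
    extract($request);               // emulates register_globals = On
    if (credentials_ok($request)) {
        $authorized = true;
    }
    return !empty($authorized);      // may hold a caller-supplied value
}

// Hardened pattern: request data is never imported into scope and the flag
// is set explicitly before any decision depends on it.
function is_authorized_hardened(array $request): bool
{
    $authorized = false;
    if (credentials_ok($request)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed sample input: a request carrying an unexpected parameter.
$request = ['authorized' => '1'];

var_dump(is_authorized_vulnerable($request));
var_dump(is_authorized_hardened($request));

// Review check for a legacy host: ini_get() returns false when the directive
// does not exist at all (it was removed in PHP 5.4.0).
$rg = ini_get('register_globals');
echo $rg === false
    ? "register_globals: directive not present\n"
    : "register_globals: " . var_export($rg, true) . "\n";
```

When auditing older code, the same review applies to any call that copies request data into variable scope, such as `extract($_GET)` or `import_request_variables()`.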