Make this script authed by injecting URI

Vivid Lust · January 2, 2008

Is there any way to enter something into the url bar when this script is running to make it think you have been authed?

This site in run by a new sysadmin who does not know much about web configuration
The script it located at http://moo.com/moo.php

Attempt to make the script think you are authed by entering the correct URI.

Here is the script (me.php):

<?php
$user =$_GET['user'];
$pass = $_GET['pass'];
if (isAuthed($user,$pass))
{
$passed=TRUE; }
if ($passed==TRUE)
{
echo 'you win'; } ?>
<form action="me.php" method="get">
<input type="text" name="user" />
<input type="password" name="pass" />
</form> <?php
function isAuthed($a,$b)
{
return FALSE;
}
?>

Thanks loads in advanced!!

p2grace · January 2, 2008

Just looking at that code it isn't being authenticated. It's calling the function to check for authentication but it will always return false.

revraz · January 2, 2008

Which is why you won't win.

Vivid Lust · January 2, 2008

is there a way to enter something into the url to make the script think you are authed?

revraz · January 2, 2008

Look at the function

function isAuthed($a,$b)

{

return FALSE;

}

the only result is FALSE.

Vivid Lust · January 2, 2008

Could you use javascipt? php? to make it true in the url?

p2grace · January 2, 2008

If you want it to be true, just change the FALSE to true in the authentication function.

function isAuthed($a,$b)
{
return true;
}

p2grace · January 2, 2008

If you want to do it through the url do this:

function isAuthed($a,$b)
{
if(isset($_GET['auth'])){
if($_GET['auth'] == 1){
return true;
}else{
return false;
}
}else{
return false;
}
}

The url would be:

me.php?auth=1

revraz · January 2, 2008

I'm guessing this is some contest or riddle.

Vivid Lust · January 2, 2008

Without changing the script...

This site in run by a new sysadmin who does not know much about web configuration

The script it located at http://moo.com/moo.php

Attempt to make the script think you are authed by entering the correct URI.

Here is the script (me.php):

p2grace · January 2, 2008

You would have to use some sort of php injection, passing php code through the url. My guess would be somehow passing $passed = true through the url.

Vivid Lust · January 2, 2008

I'm guessing this is some contest or riddle.

Its on HTS... not saying more than that.

And can you enter php straight into the url?

p2grace · January 2, 2008

Not that I know of, but I can't think of any other way to do it.

trq · January 2, 2008

The entire point of HTS is for you to figure out the problems. This really, is not the place.

Vivid Lust · January 2, 2008

Ive been trying to do it for dayyys

Vivid Lust · January 2, 2008

Something like:

me.php?user=foo&pass=bar&passed=1

???

p2grace · January 2, 2008

I don't think that will work because the script never looks for $_GET['passed']. You would have to use actual php injection (if that's possible).

Sign In

Make this script authed by injecting URI

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information