Make this script authed by injecting URI

[Vivid Lust]

Is there any way to enter something into the url bar when this script is running to make it think you have been authed?

This site in run by a new sysadmin who does not know much about web configuration

The script it located at http://moo.com/moo.php

 

Attempt to make the script think you are authed by entering the correct URI.

Here is the script (me.php):

<?php
$user =$_GET['user'];
$pass = $_GET['pass'];
if (isAuthed($user,$pass))
{
$passed=TRUE; }
if ($passed==TRUE)
{
echo 'you win'; } ?>
<form action="me.php" method="get">
<input type="text" name="user" />
<input type="password" name="pass" />
</form> <?php
function isAuthed($a,$b)
{
return FALSE;
}
?>

 

Thanks loads in advanced!!

[p2grace]

Just looking at that code it isn't being authenticated.  It's calling the function to check for authentication but it will always return false.

[revraz]

Which is why you won't win.

[Vivid Lust]

is there a way to enter something into the url to make the script think you are authed?

[revraz]

Look at the function

 

function isAuthed($a,$b)

{

return FALSE;

}

 

the only result is FALSE. 

[Vivid Lust]

Could you use javascipt? php? to make it true in the url?

 

 

[p2grace]

If you want it to be true, just change the FALSE to true in the authentication function.

 

function isAuthed($a,$b)
{
return true;
}

[p2grace]

If you want to do it through the url do this:

 

function isAuthed($a,$b)
{
if(isset($_GET['auth'])){
if($_GET['auth'] == 1){
return true;
}else{
return false;
}
}else{
return false;
}
}

 

The url would be:

 

me.php?auth=1

[revraz]

I'm guessing this is some contest or riddle.

[Vivid Lust]

Without changing the script...

 

This site in run by a new sysadmin who does not know much about web configuration

The script it located at http://moo.com/moo.php

 

Attempt to make the script think you are authed by entering the correct URI.

Here is the script (me.php):

[p2grace]

You would have to use some sort of php injection, passing php code through the url.  My guess would be somehow passing $passed = true through the url.

[Vivid Lust]

I'm guessing this is some contest or riddle.

 

Its on HTS... not saying more than that.

 

And can you enter php straight into the url?

[p2grace]

Not that I know of, but I can't think of any other way to do it.

[trq]

The entire point of HTS is for you to figure out the problems. This really, is not the place.

[Vivid Lust]

Ive been trying to do it for dayyys

[Vivid Lust]

Something like:

 

me.php?user=foo&pass=bar&passed=1

 

???

[p2grace]

I don't think that will work because the script never looks for $_GET['passed'].  You would have to use actual php injection (if that's possible).