Restrict session to IP 
Questions  |  score: 6  |  Solved By 57 People  |  36786 views  |  since Sep 20, 2008 - 15:35:48

The Cookie is a lie (Special)

You, Chell want to destroy GLaDOS. For this mission you have to steal the cookie from GLaDOS in order to get access to the mainframe in the Enrichment Center. If you can access the mainframe, you can shutdown GLaDOS and you will be rescued.

You have found a source code for a web application, which is vulnerable to sql-injection and xss attacks. This web application runs on the mainframe (accessible only from the internal network). Here you can download the source code.

Bad news are that you can't access the mainframe without the cookie, only GLaDOS can. Another bad news are that the www-user has only read access on the mainframe database, and stacking the queries is not working.

You have read the protocols that if GLaDOS receives a new e-mail with an id in it, GLaDOS will visit the experience web application above, enter the id and click on the first link in order to gather information about the new experience subject.

During your mission you have successfully accessed a test webserver, and setup a php file, which can be accessed from the internal network via this link:
This php file can receive the "cookie" get parameter and record the values in a file, which is accessible for you.

Your mission is to send a special id to GLaDOS, in order to steal the cookie data.
(*write Z a PM with the challenge title as subject)
After successfully exploiting the web application and GLaDOS itself, you will receive your cake. I mean your cookie. Good luck!

Additional information:
magic_quotes_gpc is off on the mainframe
Your solution for The Cookie is a lie
© 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 and 2017 by Z