Username: 
Password: 
Restrict session to IP 
Questions  |  score: 3  |  Solved By 205 People  |  162933 views  |  since Aug 27, 2011 - 02:26:18

Stop us (Exploit, PHP)

You cannot stop us!
Noother has created a business to sell .xyz domains for some bucks.
Your job is to find a hole in the script that would allow purchases without paying for it.
You can test the script here.
To help you in debugging, you can take a look at the sourcecode, also as highlighted version.
There is a second file involved for the purchase table: noothtable.php, also as hightlighted version, but you probably don't need it.

Good luck!

Thanks go out to jjk and dloser for testing the challenge.
© 2011, 2012, 2013, 2014, 2015, 2016 and 2017 by noother and Gizmore