Questions  |  score: 7  |  Solved By 195 People  |  137822 views  |  since Mar 25, 2009 - 19:36:45

Screwed Signup (Exploit)

GeSHi'ed PHP code for login.php
<?php
// Run from the site root so the relative includes below resolve.
chdir('../../');
define('GWF_PAGE_TITLE', 'Screwed Signup - Login');
require_once('challenge/html_head.php');

// Load the challenge record, or fall back to a dummy entry if the lookup fails.
if (false === ($chall = WC_Challenge::getByTitle('Screwed Signup'))) {
        $chall = WC_Challenge::dummyChallenge('Screwed Signup', 7, 'challenge/screwed_signup/index.php', false);
}

$chall->showHeader();
require_once('screwed_signup.include');

// Process a submitted login form.
if (isset($_POST['login']))
{
        screwed_signupLogin($chall);
}

?>
<div class="box box_c"><a href="register.php"><?php echo $chall->lang('btn_register'); ?></a></div>

<?php htmlTitleBox($chall->lang('login_title'), $chall->lang('login_info')); ?>

<form action="" method="post">
        <?php #Session::CSRF(); ?>
        <table>
                <tr>
                        <td><?php echo $chall->lang('th_username'); ?>:</td>
                        <td><input type="text" name="username" value="" /></td>
                </tr>
                <tr>
                        <td><?php echo $chall->lang('th_password'); ?>:</td>
                        <td><input type="text" name="password" value="" /></td>
                </tr>
                <tr>
                        <td><input type="submit" name="login" value="<?php echo $chall->lang('btn_login'); ?>" /></td>
                        <td></td>
                </tr>
        </table>
</form>

<?php
echo $chall->copyrightFooter();
require_once('challenge/html_foot.php');
?>
 
Your mission
... is to login as Admin.
You are given the source of the login and register scripts, also as a highlighted version.
The login.php and register.php scripts are not needed.
© 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 and 2017 by Gizmore