Username: 
Password: 
Restrict session to IP 
Questions  |  score: 7  |  5.94 7.47 7.44 |  Solved By 228 People  |  157800 views  |  since Mar 25, 2009 - 19:36:45

Screwed Signup (Exploit)

GeSHi`ed php code for register.php
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
18
19
2021
22
23
24
2526
27
28
29
3031
32
33
34
3536
37
38
39
4041
42
43
44
45
<?php
chdir('../../');
define('GWF_PAGE_TITLE', 'Screwed Signup - Register');
require_once('challenge/html_head.php');
if (false === ($chall = WC_Challenge::getByTitle('Screwed Signup'))) {        $chall = WC_Challenge::dummyChallenge('Screwed Signup', 7, 'challenge/screwed_signup/index.php', false);
}
$chall->showHeader();
 
 require_once('screwed_signup.include');
if (isset($_POST['register']))
{
        screwed_signupRegister($chall);
} 
 
?>
<div class="box"><a href="login.php"><?php echo $chall->lang('btn_login'); ?></a></div>
 <?php htmlTitleBox($chall->lang('register_title'), $chall->lang('register_info')); ?>
 
<form action="" method="post">
        <?php #Session::CSRF(); ?>
        <table>                <tr>
                        <td><?php echo $chall->lang('th_username'); ?></td>
                        <td><input type="text" name="username" value="" /></td>
                </tr>
                <tr>                        <td><?php echo $chall->lang('th_password'); ?></td>
                        <td><input type="text" name="password" value="" /></td>
                </tr>
                <tr>
                        <td><input type="submit" name="register" value="<?php echo $chall->lang('btn_register'); ?>" /></td>                        <td></td>
                </tr>
        </table>
</form>
 <?php
echo $chall->copyrightFooter();
require_once('challenge/html_foot.php');
?>
 
Your mission
... is to login as Admin.
You are given the source of login and register scripts, also as highlighted version.
Not needed are the login.php and register.php scripts.
© 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 and 2020 by Gizmore