Username: 
Password: 
Restrict session to IP 
Questions  |  score: 4  |  4.50 6.77 6.00 |  Solved By 632 People  |  110690 views  |  since Aug 27, 2010 - 21:54:28

Yourself PHP (PHP, Exploit, XSS)

Yourself PHP
Your mission is to inject <script>alert(1);</script> into this script, and make it popup a javascript alert.
The checkit() function tests your injected string for a few static solutions.
Please try to use as less characters as possible and inject the exact same string as above.

Note: This challenge is simulated, and does only check for a few static solutions.
The real XSS flaw got silently fixed, because of security concerns. Thanks noother!
So even if you inject the right code, it will not execute anymore.
GeSHi`ed php code for index.php
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
18
19
2021
22
23
24
2526
27
28
29
3031
32
33
34
3536
37
38
39
4041
42
43
44
4546
47
48
49
5051
52
53
54
<?php
require 'checkit.php'; # required to check your solution/injection
 
chdir('../../'); # chroot to web root
define('GWF_PAGE_TITLE', 'Yourself PHP'); # Wrapper hackrequire_once('challenge/html_head.php'); # output start of website
 
# Get the challenge
if (false === ($chall = WC_Challenge::getByTitle('Yourself PHP'))) {
        $chall = WC_Challenge::dummyChallenge('Yourself PHP', 4, 'challenge/yourself_php/index.php', false);}
# And display the header
$chall->showHeader();
 
# Show mission box (translated)echo GWF_Box::box($chall->lang('mission_i', array('index.php?highlight=christmas')), $chall->lang('mission_t'));
 
# Check your injection and fix the hole by silently applying htmlsepcialchars to the vuln input.
if (phpself_checkit())
{        $chall->onChallengeSolved(GWF_Session::getUserID());
}
 
# Show this file as highlighted sourcecode, if desired
if ('christmas' === Common::getGetString('highlight')){
        $msg = file_get_contents('challenge/yourself_php/index.php');
        $msg = '['.'code=php title=index.php]'.$msg.'['.'/code]';
        echo GWF_Box::box(GWF_Message::display($msg));
} 
 
 
# __This is the challenge:
if (isset($_POST['username'])){
        echo GWF_Box::box(sprintf("Well done %s, you entered your username. But this is <b>not</b> what you need to do.", htmlspecialchars(Common::getPostString('username'))));
}
echo '<div class="box box_c">'.PHP_EOL;
echo sprintf('<form action="%s" method="post">', $_SERVER['PHP_SELF']).PHP_EOL;echo sprintf('<div>%s</div>', GWF_CSRF::hiddenForm('phpself')).PHP_EOL;
echo sprintf('<div>Username:<input type="text" name="username" value="" /></div>').PHP_EOL;
echo sprintf('<div><input type="submit" name="deadcode" value="Submit" /></div>').PHP_EOL;
echo sprintf('</form>').PHP_EOL;
echo '</div>'.PHP_EOL;# __End of challenge
 
 
 
# Print Challenge Footerecho $chall->copyrightFooter();
# Print end of website
require_once('challenge/html_foot.php');
?>
Username:
© 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 and 2020 by Gizmore and Kender