Username: 
Password: 
Restrict session to IP 
Questions  |  score: 7  |  7.18 8.09 7.55 |  Solved By 41 People  |  66532 views  |  since Aug 11, 2012 - 00:41:36

What is your Name? (Exploit, PHP, Coding)

What is your Name?
Mawekl is challenging you. The code might look safe, but it´s a trap!
Again you can see the sourcecode, also as highlighted version.
The ob_start makes it only harder. Oh and visit Security Traps.
Happy Challenging!
GeSHi`ed PHP code for who.php
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
18
19
2021
22
23
24
2526
27
28
29
3031
32
33
34
3536
37
38
39
4041
42
43
44
4546
47
48
49
5051
52
53
54
<?php
chdir('../../../');
define('GWF_PAGE_TITLE', 'What is your Name?');
define('NO_HEADER_PLEASE', '1');
require_once('challenge/html_head.php');$SOLUTION_FLAG = require_once 'challenge/Mawekl/what_is_your_name/solution.php';
GWF_Debug::disableErrorHandler();
error_reporting(E_ERROR);
#########################
# Challenge starts here ##########################
function honeypot($buff)
{
        return str_replace('mawekl', 'Mawekl', $buff);
}ob_start('honeypot',4096);
session_start();
?>
<html><head><title>What is your name?</title><meta name="description" content="What is your name challenge from Mawekl on WeChall. It requires knowledge of PHP, Programming and Exploitation." /><meta name="keywords" content="Hackit,Challenge,PHP,Exploit" /><meta name="author" content="Mawekl" /><meta http-equiv="content-type" content="text/html;charset=UTF-8" /><body><p>
<?phpif(isset($_SESSION['whoami']))
{
        if($_SESSION['whoami'] === 'Mawekl')
                echo 'Welcome Mawekl! Password is '.$SOLUTION_FLAG;
        else                echo 'STRANGER! GO AWAY!';
        unset($_SESSION['whoami']);
}
elseif(isset($_GET['who']))
{        $honeypot = ($_GET['honeypot'] * 1337) + 1.7;
        if(!preg_match('/[^0-9.E+]/',(string)$honeypot) && is_float((int)round($honeypot) - 33))
        {
                $_SESSION['whoami'] = 'Mawekl';
        }        $who = (string)$_GET['who'];
        if($who == 'Mawekl')
        {
                echo 'You are not Mawekl! :[';
                $_SESSION['whoami'] = 'STRANGER';        }
        else
        {
                echo htmlspecialchars('Welcome '.$who.'! ');
                $_SESSION['whoami'] = $who;        }
}
else
{
        echo 'Who are you?!';}
?>
</p></body></html>
 
Your solution for What is your Name?
Answer
© 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 and 2024 by Mawekl