First of all I'm happy to anounce my new chall.
To make a clean breast for this challenge:
The Portal theme is not important, I only played with this game recently, found cool and was a good theme for this chall. This challenge is an offline challenge. This means you need a working apache + mysql + php environment to solve this challenge. It is because we can't guarantee the site security as far as this challenge is online on wechall, but the good news are that it is not "another fake simulated SQL injection challenge".
The checking of the solutions is offline as well. I hate it, but can't do any application which could check every solution properly. If anyone has any idea for an online solution checker, let me know
If you have no apache + mysql + php environment, I suggest to use xampp on Windows and Linux, and mamp on Mac. After downloading them you can setup a working environment in minutes. But solving the challenge needs some more time.
First you have to setup an admin password for mysql, then login to it with
> mysql -u root -p
after that create a user with:
> create user 'www-user'@'localhost' identified by 'cube';
and create a database with
> create database test;
> use test;
> create table experience (id int, filename varchar(500));
and insert a row into it (it is not necessary, but some solutions need it):
> insert into experience values(1,'test');
> grant select on test.* to 'www-user'@'localhost';
Put experience.php_txt under htdocs directory, rename to experience.php, start the apache web server and you can access the experience.php via the webserver like
Now you can test on your own environment. For testing the cookie stealing, you have to create some cookie for the challenge - it should not be hard.
Good luck and don't forget to block every incoming connection to your whole test environment, except localhost
Update: mysql_connect was removed in PHP 7.0.0, please use older version of PHP or refactor the scripts to use mysqli_* functions.