[go: nahoru, domu]
Skip to content

Latest commit

 

History

History
31 lines (29 loc) · 1.04 KB

challenge-38.md

File metadata and controls

31 lines (29 loc) · 1.04 KB
Raw

Challenge

<h1>hello ctfer!<h1><!--<?php
error_reporting(0);
$flag = "xxxxxxxx";
$secret = "xxxxxxxxxxxxxxxxxxxxxxxxx"; // This secret is 15 characters long for security!
$username = $_POST["username"];
$password = $_POST["password"];
if (!empty($_COOKIE["getmein"])) {
    if (urldecode($username) === "admin" && urldecode($password) != "admin") {
        if ($_COOKIE["getmein"] == md5($secret . urldecode($username . $password))) {
            echo "Congratulations! You are a registered user.\n";
            die ("The flag is ". $flag);
        }
        else {
            die ("Your cookies don't match up! STOP HACKING THIS SITE.");
        }
    }
    else {
        die ("You are not an admin! LEAVE.");
    }
}
setcookie("sample-hash", md5($secret . urldecode("admin" . "admin")), time() + (60 * 60 * 24 * 7));
echo "<h1>hello ctfer!<h1>";
-->

Solution

Refference