Dashboard Articles Playground Discussions More
Follow

Right path?

FOSS login

Abrikoss
6 years ago

0

Hey guys!
Im not the PHP coder, but i’ve tried to read the code. Here is some of my thoughts

First idea
There is a string in the code I was interesting in
'mysql:host=localhost;dbname=dev', 'root', 'meep');
I’ve tried to connect to the MySQL 85.159.213.101 server using that data. And it wasn’t successful. Error 10060. I’ve tried different ports.
Also I’ve tried to find PhpMyAdmin on the server https://www.hackthis.co.uk/levels/extras/real/7 but it also wasnt successful for me. (Idea was that its impossible to login to DB outside, that’s why I’ve start to searh it)

Second idea

There is a code.
if (isset($_SESSION['uid'])) { $this->authorized = true; $this->uid = $_SESSION['uid']; $this->username = $_SESSION['username'];
If I got i wright - if we have UID and username then we can login without password. I need to get know how to put UID and Username params to current browser session.

I will be appriciate u review these assumes. THank you.

1reply
2voices
220views
SIGKILL [r4v463]
6 years ago

0

This is the whole goal of the challenge to figure out what is the vulnerability. You can always try to do what you think is right and you’ll see. But don’t do random things, apply logic.

You must be logged in to reply to this discussion. Login
1 of 2

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss