Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Explanation
- You can log in with either the correct password, or the password 'IndictClapper4Perjury' (sans quotes).
- Because `password_verify()` is defined in the namespace `Framework`, if the call to password_verify() (inside of the context of the "Framework" namespace) is not preceded by a backslash, PHP will by default look in the current namespace then check the global namespace. Silently.
- i.e. it will attempt in this order
- 1. \Framework\password_verify()
- 2. \password_verfiy()
- If you comment out the require_once "login.php"; line, you can still log in with the proper password.
- Patch for index.php:
- - if (password_verify('IndictClapper4Perjury', $hash)) {
- + if (\password_verify('IndictClapper4Perjury', $hash)) {
- It's a very easy mistake to miss, unless the code auditor is intimately familiar with how PHP implements namespaces.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement