Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- echo '
- <form action="type_juggling.php" class="authform" method="POST" accept-charset="utf-8">
- <fieldset>
- <legend>Authentication</legend>
- <input type="text" id="username" name="username" value="" placeholder="Your username" />
- <input type="password" id="password" name="password" value="" placeholder="Your password" />
- <input type="submit" name="submit" value="Authenticate" />
- </fieldset>
- <br>
- <p class=return_value> </p>
- <br>
- <a target="_blank" href="https://www.owasp.org/images/6/6b/PHPMagicTricks-TypeJuggling.pdf"> <b> Hint... </b> </a>
- ';
- echo '<script src="http://challenge01.root-me.org/web-serveur/ch44/jquery-2.2.1.min.js" type="text/javascript">
- </script>
- <script type="text/javascript">
- $("document").ready(function(){
- $(".authform").submit(function(){
- $(".return-value").html(" ");
- var data = {username: $("#username").val(), password: $("#password").val()};
- $.ajax({
- type: "POST",
- dataType: "json",
- url: "type_juggling.php",
- data: {auth : JSON.stringify({data})},
- success: function(data) {
- $(".return_value").html(
- "Result: " + data["status"]
- );
- }
- });
- return false;
- });
- });
- </script>
- ';
- ?>
- <?php
- //declare
- $USER='admin';
- $USERNAME='admin';
- $PASSWORD="F098cdrrJFERrgseijIJ";
- $PASSWORD_SHA256=0x5eed8a5d0fec8763a28f90c5ccf4dbcdd4b3f07792a2091666322558c01d9607;
- $FLAG='flag{secret_flag}';
- //execute
- $return['status'] = 'Authentication failed!';
- echo "<br>";
- //use jquery
- if (isset($_POST["auth"])) {
- // retrieve JSON data
- echo $_POST["auth"] . "<br>";
- echo "auth...<br>";
- $auth = @json_decode($_POST['auth'], true);
- // check login and password (sha256)
- if($auth['data']['username'] == $USER && !strcmp($auth['data']['password'], $PASSWORD)){
- $return['status'] = "Access granted! The validation password is: $FLAG";
- }
- echo '<br>' . htmlentities($return['status']) . '<br>';
- }
- //not use jquery
- if (isset($_POST["username"]) && isset($_POST["password"])) {
- echo "login...<br>";
- $auth['data']['username'] = $_POST['username'];
- $auth['data']['password'] = $_POST['password'];
- $auth = @json_decode('{"data":{"username":"admin","password":{}}}',true);
- // check username and password (sha256)
- if($auth['data']['username'] == $USERNAME && !strcmp($auth['data']['password'], $PASSWORD)){
- $return['status'] = "Access granted! The validation password is: $FLAG";
- }
- echo '<br>' . htmlentities($return['status']) . '<br>';
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement