API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 10th, 2019
158
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.06 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /* TABLE STRUCTURE
  3. CREATE TABLE IF NOT EXISTS users (
  4. userid    INT(11) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  5. username  VARCHAR(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  6. password  CHAR(32) CHARACTER SET ascii COLLATE ascii_bin NOT NULL
  7. ) ENGINE=myISAM;
  8. */
  9.  
  10. # Username and Password sent?
  11. if ( ('' !== ($username = Common::getPostString('username'))) && (false !== ($password = Common::getPostString('password', false))) ) {
  12.     auth1_onLogin($chall, $username, $password);
  13. }
  14.  
  15. /**
  16.  * Get the database for this challenge.
  17.  * @return GDO_Database
  18.  */
  19. function auth1_db()
  20. {
  21.     if (false === ($db = gdo_db_instance('localhost', WCC_AUTH_BYPASS1_USER, WCC_AUTH_BYPASS1_PASS, WCC_AUTH_BYPASS1_DB))) {
  22.         die('Database error 0815_1!');
  23.     }
  24.     $db->setLogging(false);
  25.     $db->setEMailOnError(false);
  26.     return $db;
  27. }
  28.  
  29. /**
  30.  * Exploit this!
  31.  * @param WC_Challenge $chall
  32.  * @param unknown_type $username
  33.  * @param unknown_type $password
  34.  * @return boolean
  35.  */
  36. function auth1_onLogin(WC_Challenge $chall, $username, $password)
  37. {
  38.     $db = auth1_db();
  39.    
  40.     $password = md5($password);
  41.    
  42.     $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
  43.    
  44.     if (false === ($result = $db->queryFirst($query))) {
  45.         echo GWF_HTML::error('Auth1', $chall->lang('err_unknown'), false); # Unknown user
  46.         return false;
  47.     }
  48.  
  49.     # Welcome back!
  50.     echo GWF_HTML::message('Auth1', $chall->lang('msg_welcome_back', htmlspecialchars($result['username'])), false);
  51.    
  52.     # Challenge solved?
  53.     if (strtolower($result['username']) === 'admin') {
  54.         $chall->onChallengeSolved(GWF_Session::getUserID());
  55.     }
  56.    
  57.     return true;
  58. }
  59. ?>
  60. <form action="index.php" method="post">
  61. <table>
  62. <tr>
  63.     <td><?php echo $chall->lang('username'); ?>:</td>
  64.     <td><input type="text" name="username" value="" /></td>
  65. </tr>
  66. <tr>
  67.     <td><?php echo $chall->lang('password'); ?>:</td>
  68.     <td><input type="password" name="password" value="" /></td>
  69. </tr>
  70. <tr>
  71.     <td></td>
  72.     <td><input type="submit" name="login" value="<?php echo $chall->lang('btn_login'); ?>" /></td>
  73. </tr>
  74. </table>
  75. </form>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!