```
<?php
session_start();
if (isset($_POST['username'])) {
    $_SESSION['login'] = $_POST['username'];
    if ($_SESSION['login'] == "Administrator") {
        echo "Logged in as Admin!!";
    } else {
        echo "Logged in as " . $_POST['username'] . "<br>";
    }
} else {
    echo "<h1>No username is defined</h1>";
}
?>
```
Details:
Exploit Type:
Exploitable Line:
Patched Line:
EXAMPLE
```
<?php
$title = "HBH Example";
echo "<h1>" . $title . "</h1>";
echo "Hello, " . $_GET['name'] . "<br>";
?>
```
Example Answer:
Exploit Type: Cross Site Scripting
Exploitable Line: 4
Patched Line: echo "Hello, " . strip_tags($_GET['name']) . "<br>";
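
The example answer's `strip_tags()` patch compared with output encoding, as an added example that is not part of the original challenge page. The function names, the attribute-context variant and all sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: strip_tags() removes markup, htmlspecialchars() encodes it.
// All sample inputs are constructed.

// Element-body context, as in the example snippet on the page.
function greet_strip(string $name): string {
    // Patched line from the example answer.
    return "Hello, " . strip_tags($name) . "<br>";
}

function greet_encode(string $name): string {
    // Output encoding: <, >, &, " and ' are emitted as entities.
    return "Hello, " . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>";
}

// Hypothetical attribute context (not on the page): the value sits inside
// a double-quoted attribute, where quotes matter as much as angle brackets.
function title_strip(string $name): string {
    return '<span title="' . strip_tags($name) . '">user</span>';
}

function title_encode(string $name): string {
    return '<span title="' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">user</span>';
}

$samples = [
    'plain name'         => 'Alice',
    'markup in name'     => '<b>Alice</b>',
    'text containing <'  => 'x<y',               // legitimate text that looks like a tag start
    'quote in name'      => 'Alice" data-x="1',  // benign marker attribute, shows quote handling
];

foreach ($samples as $label => $input) {
    printf("[%s] input: %s\n", $label, $input);
    printf("  body, strip_tags:        %s\n", greet_strip($input));
    printf("  body, htmlspecialchars:  %s\n", greet_encode($input));
    printf("  attr, strip_tags:        %s\n", title_strip($input));
    printf("  attr, htmlspecialchars:  %s\n", title_encode($input));
}
```

Run it with the PHP CLI and compare the four outputs per sample: check whether the input text survives intact and whether the quote stays inside the `title` value.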