Hey guys!
I’m not a PHP coder, but I’ve tried to read the code. Here are some of my thoughts.
First idea
There is a string in the code I was interested in:
'mysql:host=localhost;dbname=dev', 'root', 'meep');
I’ve tried to connect to the MySQL server at 85.159.213.101 using that data, and it wasn’t successful. Error 10060. I’ve tried different ports.
Also I’ve tried to find phpMyAdmin on the server https://www.hackthis.co.uk/levels/extras/real/7 but that also wasn’t successful for me. (The idea was that it’s impossible to log in to the DB from outside, that’s why I started to search for it.)
Second idea
There is this code:
if (isset($_SESSION['uid'])) {
    $this->authorized = true;
    $this->uid = $_SESSION['uid'];
    $this->username = $_SESSION['username'];
If I got it right - if we have a UID and username then we can log in without a password. I need to find out how to put the UID and username params into the current browser session.
I would appreciate it if you reviewed these assumptions. Thank you.
The whole goal of the challenge is to figure out what the vulnerability is. You can always try to do what you think is right and you’ll see. But don’t do random things, apply logic.