Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
ReD2018-02-25 23:56:41
PHP
ReD, 2018-02-25 23:56:41

How can I bypass password verification?

There is such a code with a loophole (sort of) to get the value of the password field from the form:

<?php
require 'flag.php';

if (isset ($_GET['password'])) {
  if (ereg ("^[a-zA-Z0-9]+$", $_GET['password']) === FALSE)
    echo '<p class="alert">You password must be alphanumeric</p>';
  else if (strpos ($_GET['password'], '--') !== FALSE)
    die('Flag: ' . $flag);
  else
    echo '<p class="alert">Wrong passsword</p>';
}
?>

Is there a way to somehow "trick" the input character filtering and get the value of the $flag variable?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
I
index0h, 2018-02-26
@trinitr0

$_GET['password'] = [''];

Report
A
anonlatte, 2018-02-26
@anonlatte

Exploit null byte vulnerability
Add %00 to the end of the string. Everything after these characters will not be read regularly, but it will be possible to insert the necessary characters that match the condition for obtaining the flag
Solution task example.com/?password=pass%00--

Report
A
asd111, 2018-02-26
@asd111

No.

Similar questions
E
Evgeny Samsonov2015-04-05 17:45:37
What is the name of the USB device? 3Reply
I
ITpie2021-03-25 20:16:06
How to make docker to test python code with certain libraries? 3Reply
A
Andrei1penguin12021-04-01 00:37:45
Why don't losses decrease? 3Reply
R
ReDeNDeR2021-04-06 13:10:49
How to order raspberry pi in Baku? 4Reply
A
Alex2019-10-09 12:42:39
How to create qr code in js? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question