The challenge:
Visiting the webpage, we see an input field with the name ‘input secret’ which submits a query, and a link to the source code.

So let's have a look at the source code (the header is removed to shrink the block of code):

<html>
<body>
<h1>natas6</h1>
<div id="content">

<?
include "includes/secret.inc";
if(array_key_exists("submit", $_POST)) {
    if($secret == $_POST['secret']) {
        print "Access granted. The password for natas7 is <censored>";
    } else {
        print "Wrong secret";
    }
}
?>

<form method=post>
Input secret: <input name=secret><br>
<input type=submit name=submit>
</form>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>

As we can see, it's a form which posts the input. It seems to check whether the input has the value of ‘secret’, in the line: if($secret == $_POST['secret']) {
So let's try to input ‘secret’, and we get ‘wrong secret’. That would have been too easy, of course. The script includes another file with the path ‘includes/secret.inc’; I found this in the line: include "includes/secret.inc";. So let's go to ‘includes/secret.inc’ and see what is in there. Visiting the page we see a blank page (the server sends the .inc file unprocessed and the browser does not render the <? ... ?> block), but viewing the source shows us a variable named ‘secret’ with the value ‘FOEIUWGHFEEUHOFUOIU’. This value is the secret we have to fill in. The source code is:

<?
$secret = "FOEIUWGHFEEUHOFUOIU";
?>

So let's try to fill in ‘FOEIUWGHFEEUHOFUOIU’, and we are granted the login for natas7.
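
The underlying weakness is that secret.inc sits under the web root with an extension the server returns as plain text instead of executing. As an added example (not part of the original write-up or the challenge), this Python audit flags include files exposed that way; the `.php`-only handler set, the function names and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the web server hands only these extensions to the PHP interpreter;
# anything else under the document root is returned to the client as-is.
EXECUTED_EXTENSIONS = {".php"}

# Matches include/require statements with a literal string path, e.g.
#   include "includes/secret.inc";
INCLUDE_RE = re.compile(
    r"""\b(?:include|require)(?:_once)?\s*\(?\s*["']([^"']+)["']""")


def find_exposed_includes(docroot):
    """Return sorted docroot-relative paths of included files that a plain
    HTTP GET would disclose as source instead of executing."""
    docroot = Path(docroot).resolve()
    exposed = set()
    for script in docroot.rglob("*.php"):
        text = script.read_text(errors="replace")
        for rel in INCLUDE_RE.findall(text):
            target = (script.parent / rel).resolve()
            inside_docroot = docroot in target.parents
            if (target.is_file() and inside_docroot
                    and target.suffix.lower() not in EXECUTED_EXTENSIONS):
                exposed.add(target.relative_to(docroot).as_posix())
    return sorted(exposed)


def build_sample_docroot(base):
    """Constructed sample tree mirroring the layout in this write-up, plus an
    include kept outside the document root for contrast."""
    docroot = Path(base) / "htdocs"
    (docroot / "includes").mkdir(parents=True)
    (Path(base) / "private").mkdir()
    (docroot / "index.php").write_text(
        '<?\ninclude "includes/secret.inc";\nrequire "../private/db.inc";\n?>\n')
    (docroot / "includes" / "secret.inc").write_text(
        '<?\n$secret = "PLACEHOLDER";\n?>\n')
    (Path(base) / "private" / "db.inc").write_text('<?\n$dsn = "PLACEHOLDER";\n?>\n')
    return docroot


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path in find_exposed_includes(build_sample_docroot(tmp)):
            print("served as plain text:", path)
```

Only includes/secret.inc is reported: the file outside the document root has no URL, and renaming an include to .php (or moving it out of the web root) clears the finding.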
