Codegate 2013 Web 200 Writeup

In Web 200, the site contains a login form that takes an ID and a PS. The ID is the IP address.

login page

We can get the source code of the web site.

View the source code: login_ok.php, login.php, opt_util.php

login.php source

ID is the local IP address; PS is the password that we need to input.

opt_util.php source

opt_util.php contains a function.

login_ok.php

The login check uses "strcmp" to judge whether the password matches, and then checks whether the IP is 127.0.0.1. If both pass, we get the flag.

In login_ok.php

strcmp

Reference: Array[] parameter injection in the PHP function strcmp

strcmp(str, array) == 0
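
An added example (not the challenge's login_ok.php, whose source is not reproduced here) showing why that comparison passes for an array and how a strict check rejects it. `$secret`, `weak_check` and `strict_check` are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example, not the challenge's login_ok.php. $secret and the function
// names are hypothetical; the sample inputs are constructed.

// Loose check in the shape the writeup describes: strcmp(...) == 0.
function weak_check($input, string $secret): bool
{
    try {
        // PHP 5.3-7.x: strcmp() with an array argument emits a warning and
        // returns NULL, and NULL == 0 is true under loose comparison.
        return @strcmp($input, $secret) == 0;
    } catch (TypeError $e) {
        // PHP 8+: internal functions throw on a wrong argument type.
        return false;
    }
}

// Hardened check: reject non-strings first, then compare in constant time.
function strict_check($input, string $secret): bool
{
    return is_string($input) && hash_equals($secret, $input);
}

$secret = 'constructed-secret';
$samples = [
    'correct string' => 'constructed-secret',
    'wrong string'   => 'guess',
    'array (ps[]=x)' => ['x'],   // what PHP builds from a ps[]=x parameter
];

foreach ($samples as $label => $input) {
    printf("%-16s weak=%s strict=%s\n", $label,
        var_export(weak_check($input, $secret), true),
        var_export(strict_check($input, $secret), true));
}
```

The weak check accepts the array only on PHP versions where strcmp() returns NULL for it; the strict check rejects it on every version because the type is tested before any comparison.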

I modified the parameters (ID=127.0.0.1, ps[]=adrian) and then submitted.

exploit

Bingo!!! Get the flag!!!

flag