webPromedium

Админ

hackerlab

Task: PHP login/registration app where you must authorize as admin. Solution: exploit logic gap between registration (exact match) and login (trim on DB result) by registering ' admin' with leading space.

$ ls tags/ techniques/

mysql php authentication_bypass trim_bypass leading_whitespace registration_logic_flaw

php_trim_bypass_via_leading_whitespaceregistration_login_logic_gapadmin_impersonation_without_sqli

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Ограничения (Restrictions)— hackerlab
[web][Pro]Провальный код (Failed Code)— hackerlab
[web][Pro]Pryzhok— hackerlab
[web][Pro]Запретный код (Forbidden Code)— hackerlab
[web][Pro]Базовая авторизация 2 (Basic Auth 2)— hackerlab