<?
/**
* 04/06/09
* App Web Vuln Code Cookie Spoofing
* Coded by Bocvk
* www.exploit-crew.blogspot.com
**/
if(!empty($_POST['user']) && !empty($_POST['pass'])){
$user=$_POST['user'];
$pass=$_POST['pass'];
check_user($user,$pass);
}elseif(empty($_COOKIE['user'])){
echo '<center><br><form action="" method="POST">
User : <input type="text" name="user"><br>
Pass : <input type="text" name="pass"><br><br>
<input type="submit" value="Send">
</form></center> ';
}else{
if(isset($_COOKIE['user']))
{
echo "<center><h1>";
switch($_COOKIE['user']){
case 1: echo "Logged in admin";
break;
case 2: echo "Logged in user1";
break;
default: echo "Logged in user2";
break;
}
echo "</h1></center>";
}
}
function check_user($user,$pass){
// Simulation of database simple =)
$users=array("admin","user1","user2");
$passwords=array("pass_admin","pass_user1","pass_user2");
for($i=0;$i<count($users);$i++){
if($users[$i]=="$user" && $passwords[$i]=="$pass"){
setcookie("user",strval($i+1),time()+3600);
$file= basename($_SERVER["SCRIPT_NAME"]);
header("Location: $file");
}
}
}
?>App Web Vuln Cookie Spoofing
jueves, 4 de junio de 2009
en
13:31
Posted In
Apps
|
0
comentarios
|
Suscribirse a:
Entradas (Atom)