html entities in a PHP code


I have homework: it's a webpage (a log-in page), and the task is to enter by bypassing the login form. The first thing I did was look at the page's source, and I found that if I want the username I should go to the /page.phps directory, so I did that. After entering the directory I was redirected to a page with this piece of code:

    <?php
    $super_admin_access = false;

    // set our super-admin level user?
    if (isset($_GET['user'])) {
      // decode HTML entities in the supplied value before comparing
      $user = html_entity_decode($_GET['user']);

      if ($user === "<root>") {
        $super_admin_access = true;
      }
    }
    ?>

    <div class="logo"><img src="../assets/images/challenge-priserv-logo.svg" alt="nethub logo"></div>

    <div class="login">
      <form class="form" onsubmit="dologin(); return false">
        <div class="message message-error" id="login-error-msg" style="display: none">denied!</div>

        <div class="field">
          <div class="label">username</div>
          <input type="text" name="username">
        </div>

        <div class="field">
          <div class="label">password</div>
          <input type="password" name="password">
        </div>

        <!-- in case forget, details @ page.phps -->

        <div class="actions">
          <input type="submit" value="access server" class="btn">
        </div>
      </form>
    </div>

I don't know if I understand the PHP code in the right way. Firstly I thought of writing "<root>" in HTML entity format, which becomes &#x22;&#x3c;root&#x3e;&#x22;. There is a hint saying:

Did you see the comment in the source code suggesting you take a look at page.phps? Take a look. What does urldecode do? Can you do the opposite of urldecode?

So I tried to log in using the username "<root>" or the encoded one &quot;&lt;root&gt;&quot;, and tried removing the quotes, with no luck. I don't know if there is a password or something like that. I'd appreciate any help given :).

Seeing as this is a piece of homework, I won't give a direct answer, but rather point you in the right direction.

You are on the right track, but seem to have gotten a little confused about how PHP handles strings.

Let me give an example. You go to the page login.php?user=tom.

    <?php
    // value taken from the query string (?user=tom)
    $user = $_GET['user'];
    $desiredusername = "tom";

    if ($user === $desiredusername) {
        echo "you're in!";
    }

Let's take a look at what the if() check is doing in this case.

    $desiredusername === "tom"; // true
    $desiredusername === "frank"; // false
    $desiredusername === "jonas"; // false

When setting the $user variable in code, you are wrapping <root> in quotes like so: "<root>". While the PHP code checks to see if $user === "<root>", the quotes in this case are specifying that you want to see if $user contains the string <root>.

Test your method of using the encoded entities &quot;&lt;root&gt;&quot;, without the quotes on either side, and see what happens.
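The point about quotes, and the hint's mention of urldecode, can be seen by tracing a value through both decoding layers. This is an added example, not code from the question, the answer, or the challenge. The function name check_user and the sample inputs are constructed for illustration, and parse_str() stands in for the way PHP fills $_GET from the query string.

```php
<?php
// Added example. Models the two decoding layers a "user" value passes through:
//   1. query-string parsing (splits on "&", then URL-decodes each value)
//   2. html_entity_decode(), as in the page.phps source
// check_user() is a hypothetical helper; all inputs below are constructed.

function check_user(string $rawQuery): array
{
    // parse_str() uses the same parsing PHP applies to build $_GET
    parse_str($rawQuery, $params);
    $received = $params['user'] ?? null;
    $decoded  = $received === null ? null : html_entity_decode($received);

    return [
        'received' => $received,              // value after layer 1
        'decoded'  => $decoded,               // value after layer 2
        'match'    => $decoded === "<root>",  // the quotes here are PHP delimiters
    ];
}

// Candidate values, keyed by a description of how they are written
$candidates = [
    'plain'          => '<root>',
    'named entities' => '&lt;root&gt;',
    'with &quot;'    => '&quot;&lt;root&gt;&quot;',
    'hex entities'   => '&#x3c;root&#x3e;',
];

foreach ($candidates as $label => $value) {
    // Send each value twice: as written, and percent-encoded with rawurlencode()
    $forms = ['raw' => $value, 'urlencoded' => rawurlencode($value)];
    foreach ($forms as $how => $sent) {
        $r = check_user('user=' . $sent);
        printf(
            "%-15s %-11s received=%-28s decoded=%-11s match=%s\n",
            $label,
            $how,
            var_export($r['received'], true),
            var_export($r['decoded'], true),
            $r['match'] ? 'yes' : 'no'
        );
    }
}
```

Entity strings sent without percent-encoding arrive empty because "&" is the parameter separator, and the &quot; form decodes to a value that includes literal quote characters, so the strict comparison fails.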

