login to access
[web]
If at first you don't login, maybe back up.
Recon
Dir found: / - 200
File found: /login.php - 308
File found: /con.php - 200
Dir found: /icons/ - 403
File found: /login.php - 200
/con.php is an empty page. Sending a POST reveals a new response header: X-Powered-By: PHP/7.2.24.
Flag
Stared at the website, read the description "back up", tried login.php.bak, obtained flag.
<?php
$username = $_POST["username"];
$password = $_POST["password"];
$flag = "TUCTF{b4ckup5_0f_php?_1t5_m0r3_c0mm0n_th4n_y0u_th1nk}";
$query = "SELECT * FROM users WHERE user='$username' AND password='$password'";
if (true){
    echo '<link href="login.css" rel="stylesheet" type="text/css">';
    echo "<h1>Login failed.</h1>";
}
else {
    $result = mysqli_query($conn,$query);
    $row = mysqli_fetch_array($result,MYSQLI_NUM);
    if ($row) {
        echo "<title>You found it!</title>";
        echo '<link href="login.css" rel="stylesheet" type="text/css">';
        echo "<h1>$flag</h1>";
    }
    else {
        echo '<link href="login.css" rel="stylesheet" type="text/css">';
        echo "<h1>Login failed.</h1>";
    }
}
?>
TUCTF{b4ckup5_0f_php?_1t5_m0r3_c0mm0n_th4n_y0u_th1nk}
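A defender-side check for the leak shown above, as an added example that is not part of the original write-up: it walks a web document root and reports backup or editor leftovers of PHP scripts, which a server that hands only .php to the interpreter returns as plain text, as login.php.bak was here. The suffix list, function names and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Constructed list of leftover-file suffixes (manual and editor backups); extend for your estate.
BACKUP_SUFFIX = re.compile(r"(\.(bak|old|orig|save|swp|swo|tmp|copy)|~)$", re.IGNORECASE)
SCRIPT_EXTS = (".php", ".phtml", ".inc")


def find_exposed_backups(docroot):
    """Return sorted (relative_path, reason) for backup files that would leak script source."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not BACKUP_SUFFIX.search(name):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot).replace(os.sep, "/")
            # Strip the backup suffix and vim's leading dot to recover the original name.
            original = BACKUP_SUFFIX.sub("", name).lstrip(".")
            with open(path, "rb") as fh:
                head = fh.read(4096)
            if original.lower().endswith(SCRIPT_EXTS):
                findings.append((rel, "backup of " + original))
            elif b"<?php" in head or b"<?=" in head:
                findings.append((rel, "contains PHP source"))
    return sorted(findings)


def build_sample_docroot(root):
    """Constructed sample tree; secrets are placeholders, paths echo the write-up."""
    samples = {
        "login.php": "<?php /* live script, executed by the server */ ?>",
        "login.php.bak": "<?php $flag = 'PLACEHOLDER'; ?>",
        "inc/.con.php.swp": "b0VIM <?php $pw = 'PLACEHOLDER'; ?>",
        "notes.old": "<?php echo 'forgotten'; ?>",
        "login.css": "h1 { color: red; }",
        "readme.bak": "plain text, nothing sensitive",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        for rel, reason in find_exposed_backups(root):
            print(f"{rel}: {reason}")
```

Run against the real document root from a deploy pipeline or a scheduled job, and treat any finding as a file to delete or move outside the served tree.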