
[SEC-T] Naughty ads

Solution

http://naughtyads.alieni.se/

So, maybe we can read the source code through http://naughtyads.alieni.se/index.phps?

We can see that there is a very secure filter for $_REQUEST['id'], but not for $_GET['id'].
The code does nothing to $_GET['id'] and passes it straight to the function.
So, we can bypass the filter like this

Finally, I got the username and password.
Username: webmasterofdoom3755
Password: 5ebe2294ecd0e0f08eab7690d2a6ee69
Reverse the MD5 here: https://md5.gromweb.com/?md5=5ebe2294ecd0e0f08eab7690d2a6ee69
And found that the real password is secret.

Use this identity to log in to the website, fill in the phone number and submit the form, and then the website will give you the flag.
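The mismatch described above, where the filter checks $_REQUEST['id'] but the query uses $_GET['id'], is shown here next to a corrected form. This is an added example, not the challenge's index.phps: the `ads` table, the function names and the sample values are assumptions, and it needs the pdo_sqlite extension to run from the command line.

```php
<?php
// Constructed illustration, NOT the challenge source. Table, column and
// function names are assumptions made for this example.

// Vulnerable shape: the filter inspects $_REQUEST['id'], but the query is
// built from $_GET['id']. $_REQUEST is merged from GET, POST and (depending
// on request_order) cookies, so it can hold a different value than $_GET.
function lookup_vulnerable(PDO $db): array {
    if (!ctype_digit((string)($_REQUEST['id'] ?? ''))) {
        return [];                          // filter rejects the request
    }
    $id = $_GET['id'] ?? '0';               // not the value that was checked
    return $db->query("SELECT title FROM ads WHERE id = $id")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened shape: read the parameter once, from one source, validate that
// exact value, and bind it instead of concatenating it into the SQL text.
function lookup_hardened(PDO $db): array {
    $id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];                          // not an integer: reject
    }
    $stmt = $db->prepare('SELECT title FROM ads WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In-memory database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ads (id INTEGER, title TEXT)");
$db->exec("INSERT INTO ads VALUES (1, 'public ad'), (2, 'other ad')");

// Constructed request state: the two superglobals disagree for the same key.
$_REQUEST['id'] = '1';           // value the filter sees
$_GET['id']     = '1 OR 1=1';    // value the query uses

echo "vulnerable: ", json_encode(lookup_vulnerable($db)), PHP_EOL;
echo "hardened:   ", json_encode(lookup_hardened($db)), PHP_EOL;
```

The fix does not depend on how strict the filter is: validation only helps when it is applied to the same value that reaches the query.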
