Username: 
Password: 
Restrict session to IP 
Questions  |  score: 3  |  3.18 4.80 4.96 |  Solved By 1133 People  |  116914 views  |  since Sep 10, 2011 - 20:25:02

PHP 0818 (Exploit, PHP)

PHP 0818
PHP is weird!
Take a look at the source, also as highlighted version.
Enter your magic number at the live script in action.

Happy Challenging!
GeSHi`ed PHP code for PHP0818
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
18
19
2021
22
23
24
2526
27
28
29
3031
32
33
34
3536
37
38
39
4041
42
43
44
4546
47
48
49
5051
52
53
<?php
chdir('../../../');
define('GWF_PAGE_TITLE', 'PHP 0818');
require_once('challenge/html_head.php');
if (false === ($chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE))) {        $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 3, 'challenge/noother/php0818/index.php', false);
}
$chall->showHeader();
# ------ 8< ------ 8< ------ 8< ------ 8< ------ #
if (isset($_POST['answer'])){
        if (noother_says_correct(Common::getPostString('number')))
        {
                $chall->onChallengeSolved(GWF_Session::getUserID());
        }        else
        {
                echo GWF_HTML::error('PHP 0818', $chall->lang('err_wrong'), false);
        }
}function noother_says_correct($number)
{
        $one = ord('1');
        $nine = ord('9');
        # Check all the input characters!        for ($i = 0; $i < strlen($number); $i++)
        { 
                # Disallow all the digits!
                $digit = ord($number[$i]);
                if ( ($digit >= $one) && ($digit <= $nine) )                {
                        # Aha, digit not allowed!
                        return false;
                }
        }        
        # Allow the magic number ...
        return $number == "3735929054";
}
# ------ 8< ------ 8< ------ 8< ------ 8< ------ #?>
<div class="box box_c">
        <form action="php0818.php" method="post" enctype="application/x-www-form-urlencoded">
                <div><?php echo $chall->lang('your_magic_number'); ?>: <input type="text" name="number" value="" size="10" /></div>
                <div><input type="submit" name="answer" value="<?php echo $chall->lang('btn_submit'); ?>" /></div>        </form>
</div>
<?php
# Foo-Tah!
echo $chall->copyrightFooter();require_once('challenge/html_foot.php');
?>
 
© 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 and 2024 by noother