6 Replies - 13357 Views - Last Post: 27 August 2012 - 06:49 PM

#1 codeprada

This Code Says "Hack Me"

Posted 29 February 2012 - 07:34 AM

I was browsing around Hackforums and I ran into this.
<html>
    <head>
        <title> hello </title>
    </head>
    <body>
        <a href="index.php?page=contact">Contact us</a>
        <a href="index.php?page=news">News</a>
        <?php
        // the anchor tags are gonna stay. Now with PHP we can check if in the browser there is something filled in as page.
        if (isset($_GET['page'])) {
            $page = $_GET['page'];
            include_once $page . '.php'; // It will include the php page with the name in the browser. So for index.php?page=contact it is gonna include contact.php
        } else {
            include_once 'news.php';  // put your homepage here ( This is gonna be your total content shit ).
        }
        ?>
    </body>
</html>



The lines to note are
if(isset($_GET['page'])) {
    $page = $_GET['page'];
  include_once $page . '.php';



If you pass http%3A%2F%2Fwww.google.com%2F%3F in the URL query as the value of page then you will see it includes the Google homepage. Imagine the destructive force when including JavaScript code!

Replies To: This Code Says "Hack Me"

#2 fastlane85

Re: This Code Says "Hack Me"

Posted 29 February 2012 - 09:36 AM

Seriously... you made coffee come out my nose, which is not pleasant.

Thanks for the laugh

#3 no2pencil

Re: This Code Says "Hack Me"

Posted 12 March 2012 - 06:36 PM

Bah, just grab a page & run w/ it. Whatever php page you can get off the stack, I really don't care.

#4 e_i_pi

Re: This Code Says "Hack Me"

Posted 12 March 2012 - 09:29 PM

At least they checked whether $_GET['page'] was set. Wouldn't want a NULL reference tripping up the code.

#5 Yo!

Re: This Code Says "Hack Me"

Posted 10 April 2012 - 07:27 PM

Made me laugh.
Thanks!

#6 Valek

Re: This Code Says "Hack Me"

Posted 09 June 2012 - 03:48 PM

Sounds like someone left allow_url_fopen turned on...

Admittedly this code is still easily manipulated without it.

This post has been edited by Valek: 09 June 2012 - 03:48 PM

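A hardened version of the page router from the first post, as an added example that is not part of the thread or anyone's posted code: the request value is only looked up in a fixed allowlist, so it can select neither a remote URL (post #1) nor an unintended local file (post #6). The page names, the pages/ directory and the function name resolve_page are assumptions.

```php
<?php
declare(strict_types=1);

// Fixed map from public page name to a file we ship ourselves.
// Names and paths are assumptions for this example.
const PAGES = [
    'news'    => __DIR__ . '/pages/news.php',
    'contact' => __DIR__ . '/pages/contact.php',
];
const DEFAULT_PAGE = 'news';

/**
 * Return the file to include for a requested page name.
 * The request value is only compared against the keys of PAGES;
 * it never becomes part of a path or URL.
 */
function resolve_page(mixed $requested): string
{
    // ?page[]=x arrives as an array, so insist on a string first.
    if (is_string($requested) && array_key_exists($requested, PAGES)) {
        return PAGES[$requested];
    }
    // Anything unknown falls back to the home page instead of being included.
    return PAGES[DEFAULT_PAGE];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs: one valid name, the URL value from post #1,
    // a relative path, an array, and a missing parameter.
    $samples = ['contact', 'http://www.google.com/?', '../admin', ['x'], null];
    foreach ($samples as $sample) {
        printf(
            "%-28s -> %s\n",
            json_encode($sample, JSON_UNESCAPED_SLASHES),
            resolve_page($sample)
        );
    }
} else {
    // Web request: same lookup, then include the file we selected.
    // Defence in depth: keep allow_url_include = Off in php.ini (the default).
    include_once resolve_page($_GET['page'] ?? null);
}
```

Run from the command line, it prints which file each sample resolves to; every value other than a known page name resolves to the default page.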

#7 thelung

Re: This Code Says "Hack Me"

Posted 27 August 2012 - 06:49 PM

Looks like they had to be playing around and learning. I hope. lol. This is some funny content shit, though..