loviuz/http-chained-requests-automator
loviuz
/
http-chained-requests-automator
mirror of https://github.com/loviuz/http-chained-requests-automator.git
1
0
Fork 0
Code Issues Releases Activity

Added example website for PoC

This commit is contained in:
loviuz 2021-01-23 15:27:12 +01:00
parent 09316776e5
commit d2cee79266
2 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
example_website/index.php Normal file
View File

@ -0,0 +1,25 @@
<?php
session_start();
unset( $_SESSION['logged_in'] );
// Login check and redirect to welcome page
if( $_POST['username'] == 'admin' && $_POST['password'] == 's3cr3t' ){
$_SESSION['logged_in'] = true;
header("Location: /mysite/welcome.php");
exit();
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<form method="post">
<input type="username" name="username">
<input type="password" name="password">
<button type="submit">LOGIN</button>
</form>
</body>
</html>

29
example_website/welcome.php Normal file
View File

@ -0,0 +1,29 @@
<?php
session_start();
$your_email = "dude@dudelang.com";
// Redirect to login if not logged in
if( !$_SESSION['logged_in'] ){
header("Location: /mysite");
exit();
}
// Set a cookie if email passed via GET are your
if( $_GET['email'] == $your_email ){
setcookie("flag2", 'wow_second_flag', time()+3600);
}
?>
<html>
<head>
<title>Welcome dude!</title>
</head>
<body>
<p>Hi dude!</p>
<p>Your email is <?php echo $your_email; ?>!</p>
<p>Congratulations, the flag is: Sup3rS3cr3tFl4g</p>
<p>The second flag is in the cookies :-)</p>
</body>
</html>