mirror of
https://github.com/loviuz/http-chained-requests-automator.git
synced 2024-12-13 00:36:23 +01:00
Added example website for PoC
parent
09316776e5
commit
d2cee79266
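--- a/example_website/index.php
+++ b/example_website/index.php
@@ -0,0 +1,25 @@
+<?php
+session_start();
+unset( $_SESSION['logged_in'] );
+
+// Login check and redirect to welcome page
+if( $_POST['username'] == 'admin' && $_POST['password'] == 's3cr3t' ){
+$_SESSION['logged_in'] = true;
+header("Location: /mysite/welcome.php");
+exit();
+}
+?>
+
+<html>
+<head>
+<title>Login</title>
+</head>
+
+<body>
+<form method="post">
+<input type="username" name="username">
+<input type="password" name="password">
+<button type="submit">LOGIN</button>
+</form>
+</body>
+</html>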
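Review bot: The login check reads `$_POST['username']` and `$_POST['password']` unconditionally and compares them with loose `==`, so every plain GET of the form raises undefined-key warnings on PHP 8; `if( ($_POST['username'] ?? '') === 'admin' && ($_POST['password'] ?? '') === 's3cr3t' ){` avoids both. Calling `session_regenerate_id(true);` just before `$_SESSION['logged_in'] = true;` would keep a pre-login session id from being carried into the authenticated session. The hard-coded credentials look intentional for a PoC target, so a comment such as `// Demo-only credentials for the PoC target; do not deploy` would make that explicit. `type="username"` on the first input is not a defined input type and is treated as text.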
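--- a/example_website/welcome.php
+++ b/example_website/welcome.php
@@ -0,0 +1,29 @@
+<?php
+session_start();
+
+$your_email = "dude@dudelang.com";
+
+// Redirect to login if not logged in
+if( !$_SESSION['logged_in'] ){
+header("Location: /mysite");
+exit();
+}
+
+// Set a cookie if email passed via GET are your
+if( $_GET['email'] == $your_email ){
+setcookie("flag2", 'wow_second_flag', time()+3600);
+}
+
+?>
+<html>
+<head>
+<title>Welcome dude!</title>
+</head>
+
+<body>
+<p>Hi dude!</p>
+<p>Your email is <?php echo $your_email; ?>!</p>
+<p>Congratulations, the flag is: Sup3rS3cr3tFl4g</p>
+<p>The second flag is in the cookies :-)</p>
+</body>
+</html>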
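Review bot: The access guard `if( !$_SESSION['logged_in'] )` indexes a key that does not exist for an unauthenticated visitor, which raises a warning on PHP 8; if errors are displayed, that output may precede `header()` and the redirect can fail with "headers already sent" (the `exit()` still stops the page). Use `if( empty($_SESSION['logged_in']) ){` there, and `if( ($_GET['email'] ?? '') === $your_email ){` for the cookie branch, which has the same undefined-key and loose-comparison issue. `setcookie("flag2", ...)` sets no HttpOnly, Secure or SameSite attributes, which appears deliberate for the demo but deserves a comment saying so. `echo $your_email` prints a constant here, but wrapping it in `htmlspecialchars()` keeps the template safe if the value ever becomes input-derived.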