mirror of
https://github.com/loviuz/http-chained-requests-automator.git
synced 2024-12-12 00:06:12 +01:00
Added example website for PoC
parent
09316776e5
commit
d2cee79266
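--- a/example_website/index.php
+++ b/example_website/index.php
@@ -0,0 +1,25 @@
+<?php
+session_start();
+unset( $_SESSION['logged_in'] );
+
+// Login check and redirect to welcome page
+if( $_POST['username'] == 'admin' && $_POST['password'] == 's3cr3t' ){
+$_SESSION['logged_in'] = true;
+header("Location: /mysite/welcome.php");
+exit();
+}
+?>
+
+<html>
+<head>
+<title>Login</title>
+</head>
+
+<body>
+<form method="post">
+<input type="username" name="username">
+<input type="password" name="password">
+<button type="submit">LOGIN</button>
+</form>
+</body>
+</html>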
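Review bot: The login branch sets `$_SESSION['logged_in'] = true` without renewing the session ID, so an identifier issued before authentication stays valid afterwards (session fixation); adding `session_regenerate_id(true);` just before that assignment closes this. The condition also reads `$_POST['username']` and `$_POST['password']` directly, which raises undefined-key warnings on the initial GET, and compares with loose `==`; `if (($_POST['username'] ?? '') === 'admin' && ($_POST['password'] ?? '') === 's3cr3t') {` avoids both. Because the credentials are hard-coded for the PoC, a comment such as `// Demo-only credentials for the local PoC target; do not deploy` would make that explicit to anyone copying the file. `type="username"` is not a valid input type and silently falls back to text, so `type="text"` is presumably what is meant.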
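--- a/example_website/welcome.php
+++ b/example_website/welcome.php
@@ -0,0 +1,29 @@
+<?php
+session_start();
+
+$your_email = "dude@dudelang.com";
+
+// Redirect to login if not logged in
+if( !$_SESSION['logged_in'] ){
+header("Location: /mysite");
+exit();
+}
+
+// Set a cookie if email passed via GET are your
+if( $_GET['email'] == $your_email ){
+setcookie("flag2", 'wow_second_flag', time()+3600);
+}
+
+?>
+<html>
+<head>
+<title>Welcome dude!</title>
+</head>
+
+<body>
+<p>Hi dude!</p>
+<p>Your email is <?php echo $your_email; ?>!</p>
+<p>Congratulations, the flag is: Sup3rS3cr3tFl4g</p>
+<p>The second flag is in the cookies :-)</p>
+</body>
+</html>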
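Review bot: The guard `if( !$_SESSION['logged_in'] )` and the comparison `$_GET['email'] == $your_email` both read array keys that are absent on an unauthenticated or parameterless request, which emits warnings and, with display_errors on, produces output before `header()` so the redirect may not be sent. `if (empty($_SESSION['logged_in'])) {` and `if (($_GET['email'] ?? null) === $your_email) {` give the same outcome without the warnings. The `flag2` cookie is set with no attributes; unless client-side script needs it, `setcookie('flag2', 'wow_second_flag', ['expires' => time() + 3600, 'httponly' => true, 'samesite' => 'Lax']);` is the safer default. `$your_email` is a constant here, but wrapping the echo in `htmlspecialchars()` keeps the template safe if the value is ever taken from input.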