I've been practicing in security-related topics and I came upon this problem which I don't understand at all. You receive a form with one input named pass
, and this is the code you need to bypass:
<?php
error_reporting(0);
session_save_path('/home/mawekl/sessions/');
session_start();
echo '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>';
echo 'This task is as hard to beat as the castle which you can see on the bottom.<br>';
echo '<pre>';
include('./ascii.txt');
echo '</pre><br>';
$_SESSION['admin_level']=1;
if (!isset($_POST['pass']) || md5($_POST['pass'])!='castle')
{
echo '<b>Wrong or empty password.</b><br>';
$_SESSION['admin_level']=0;
}
If it enters the final if statement, you lose (Need to make it so $_SESSION['admin_level']
stays at 1
).
Any help is appreciated, thanks!
Clarification:
I can't edit the code I posted. It's a challenge. All I can do is send a password through an input whose name is "pass". Yes, I know md5 is supposed to return a 32-char long string. That's the challenge.