-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathbrokenauthentication_captcha_bypass.php
51 lines (36 loc) · 1.53 KB
/
brokenauthentication_captcha_bypass.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
<?php
include "includer.php";
#echo print_r($_SESSION);
$message = "";
if(isset($_POST["form"])){
#echo "POST :: ";
if(isset($_SESSION["captcha"]) && ($_POST["captcha_user"] == $_SESSION["captcha"])){
if($_POST["username"] == $loglogin && $_POST["password"] == $passpassword){
$message = "<font color=\"green\">Successful login!</font>";
}
else{
$message = "<font color=\"red\">Invalid credentials! Did you forgot your password?</font>";
}
}
else{
$message = "<font color=\"red\">Incorrect CAPTCHA!</font>";
}
}
?>
<div class="container">
<h1>Broken Authentication Captcha Bypassing</h1>
<p>Enter your credentials (jot/form)</p>
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="POST">
<p>
<label for="username">Username:</label><br>
<input tpye="text" id="username" name="username" size="30" autocomplete="off"/><br>
<label for="password">Password:</label><br>
<input type="text" id="password" name="password" size="30" autocomplete="off"/><br>
<p><iframe src="captcha_box.php" scrolling="no" frameborder="0" height="70" width="350"></iframe></p>
<p><label for="captcha_user">Re-enter CAPTCHA:</label><br />
<input type="text" id="captcha_user" name="captcha_user" value="" autocomplete="off" /></p>
<button type="submit" name="form" value="submit">LogIn</button><br>
</p>
</form>
<?php echo $message;?>
</div>