I change my own variables.
This site is run by a serious web admin. But the web developer doesn't know that much. URL: moo.com (any script you want); Exploit this code:
- The part of foreach statement will take all of form's inputs and convert them into php variables with the correct variable names and values. And the password initialization is above the foreach part, so we can inject it.
- Input following URL and check.
- It's done.