I change my own variables.
Level 12
This site is run by a serious web admin. But the web developer doesn't know that much. URL: moo.com (any script you want); Exploit this code:
    <?php
    $password = 'IWantToCow';
    // Every GET parameter becomes a variable named after its key.
    foreach ($_GET as $key => $value)
    {
        $$key = $value;
    }
    if ($userpass == $password)
    {
        ok();
    }
    else
    {
        echo "<form><input type='text' name='usertext' /><input type='submit'></form>";
    }
    ?>
Solution:
- The foreach loop takes every GET parameter and turns it into a PHP variable with the same name and value. Because $password is initialized above the foreach loop, a parameter named password overwrites it, so we can inject our own value.
- Enter the following URL and check.
moo.com/?userpass=123&password=123
- It's done.
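The same check next to a hardened version, as an added example that is not part of the original level: the function names vulnerable_check and hardened_check and the sample query strings are constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, sample requests are constructed.

// Same logic as the level: every request key becomes a local variable.
function vulnerable_check(array $query): bool
{
    $password = 'IWantToCow';
    $userpass = null;
    foreach ($query as $key => $value) {
        $$key = $value;              // request data decides which variable is written
    }
    return $userpass == $password;
}

// Hardened: read only the one expected key and never create variables by name.
function hardened_check(array $query): bool
{
    $password = 'IWantToCow';
    $userpass = $query['userpass'] ?? null;
    if (!is_string($userpass)) {     // rejects a missing value or userpass[]=... arrays
        return false;
    }
    return hash_equals($password, $userpass); // strict, constant-time comparison
}

// Constructed query strings: the one from the solution, the real password, a wrong guess.
$samples = [
    'userpass=123&password=123',
    'userpass=IWantToCow',
    'userpass=guess',
];

foreach ($samples as $qs) {
    parse_str($qs, $query);          // parse into an array, as PHP does for $_GET
    printf(
        "%-28s vulnerable=%s hardened=%s\n",
        $qs,
        var_export(vulnerable_check($query), true),
        var_export(hardened_check($query), true)
    );
}
```

In the hardened version the extra password parameter is simply never read, so only the real password passes.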