I'd love to see how people solved #2, and if they used any special tools like I ...

EwanToo · on Feb 23, 2012

For 2, I just used this short command line:

I've stuck it on pastebin instead of in this comment, so it doesn't spoil it for anyone not looking.

mkopinsky · on Feb 23, 2012

Tool used: One line of javascript, entered in location bar. (Seems Chrome resource inspector doesn't allow the edit I needed.)

Ideka · on Feb 23, 2012

Damn, I always forget you can actually just use javascript to "do it", and end up using a Firefox add-on.

mkopinsky · on Feb 26, 2012

If I were in Firefox at the time I would have used Firebug (or I guess Firecookie, I don't remember if Firebug allows native editing of cookies), but I just happened to have Chrome running at the time.

chubot · on Feb 23, 2012

FWIW I looked at the source and recognized the exploit.

From there you basically only need curl.

curl --user user:pw --digest does digest authentication.

curl --verbose will show what headers are being sent down from the server.

curl --headers 'Cookie: blah' will send a header back.

So no special tools required.

mirkules · on Feb 23, 2012

My first thought before I realized you could actually see the php code, was that it was some kind of sanitizing input exploit, maybe SQL injection (with the name or age) or, since the HTML input fields had "length" to go over that.

Once I figured out what to do, it was only a matter of finding the right tool to do it. I didn't realize curl could [edit: --redacted--] (cool!), but I used OWASP ZAP and did a [edit: --redacted--]. Same method, different tool. Btw, thank you for explaining the curl options, I normally don't use curl much, but apparently I should :)

EDIT: Redacted stuff so as not to ruin the fun for others

Ogre · on Feb 23, 2012

I used a Firefox add-on that lets you [mumble mumble]. I found at least two add-ons that looked like they would work when I googled it.

mirkules · on Feb 23, 2012

I love all the different responses on this -- I used OWASP ZAP to do it.