Prince781 / Snakes

Like the game Snake, but with an adversary

POST exploit in submit.php #4

Open Prince781 opened 11 years ago

Prince781 commented 11 years ago

There is an exploit enabling anyone to send a POST request to submit.php via an unauthorized method, using basic Unix tools:

#!/bin/sh
snakes_post_exploit() {
    # Use: snakes_post_exploit <username> <score> <level>
    curl -d "username=$1&score=$2&level=$3" http://dev.bumbuu.com/games/snakes/submit.php
}

Prince781 commented 11 years ago

I've checked and the exploit doesn't seem to work anymore. Can someone else confirm this?

benwaffle commented 11 years ago

still works:

#!/bin/sh
snakes_post_exploit() {
    # Use: snakes_post_exploit <username> <score> <level>
    curl -# -b cookies -c cookies -d "username=$1&score=$2&level=$3" -o out http://dev.bumbuu.com/games/snakes/ http://dev.bumbuu.com/games/snakes/submit.php && rm cookies out
}
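
A server-side check for what the thread shows, as an added example that is not part of the issue or the Snakes repository: submit.php accepts a score only against a single-use nonce issued when the game page was served, and rejects values that are implausible for the elapsed time. The `nonce` field, the function names and every limit are assumptions.

```php
<?php
// Added example, not code from the Snakes repository. All names and limits are hypothetical.
const MAX_POINTS_PER_SECOND = 5;    // assumed ceiling for honest play
const MAX_GAME_SECONDS      = 3600; // assumed longest plausible game
const MAX_LEVEL             = 20;   // assumed number of levels

// The game page handler calls this: it stores a single-use nonce and the start
// time in server-side session state ($session stands in for $_SESSION).
function start_game(array &$session, int $now): string {
    $nonce = bin2hex(random_bytes(16));
    $session['games'][$nonce] = $now;
    return $nonce; // embedded in the page and sent back with the score
}

// submit.php calls this before writing anything to the scoreboard.
// Returns null when the submission is accepted, otherwise the rejection reason.
function check_submission(array &$session, array $post, int $now): ?string {
    $nonce = $post['nonce'] ?? '';
    if (!is_string($nonce) || !isset($session['games'][$nonce])) {
        return 'no game in progress for this session';
    }
    $start = $session['games'][$nonce];
    unset($session['games'][$nonce]);           // single use, so no replay
    $user  = $post['username'] ?? '';
    $score = filter_var($post['score'] ?? null, FILTER_VALIDATE_INT);
    $level = filter_var($post['level'] ?? null, FILTER_VALIDATE_INT);
    if (!is_string($user) || !preg_match('/^[A-Za-z0-9_]{1,20}$/', $user)) {
        return 'bad username';
    }
    if ($score === false || $level === false || $score < 0
        || $level < 1 || $level > MAX_LEVEL) {
        return 'bad score or level';
    }
    $elapsed = $now - $start;
    if ($elapsed < 1 || $elapsed > MAX_GAME_SECONDS
        || $score > $elapsed * MAX_POINTS_PER_SECOND) {
        return 'score not plausible for elapsed time';
    }
    return null;
}

// Constructed demo (run with the PHP CLI): a valid submission, a replay, an inflated score.
$session = [];
$n = start_game($session, 1000);
$post = ['nonce' => $n, 'username' => 'alice', 'score' => '120', 'level' => '3'];
var_dump(check_submission($session, $post, 1060));
var_dump(check_submission($session, $post, 1060)); // same nonce again
$n2 = start_game($session, 1000);
var_dump(check_submission($session, ['nonce' => $n2] + $post, 1001));
```

A client that loads the game page first, as the second script in the thread does, still receives a nonce, so this check bounds a submitted score to what the elapsed time allows rather than proving the game was played. Closing that gap requires the server to replay the submitted moves.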