OverTheWire Wargames :: Natas

Level 23 > Level 24

natas23-01

<html>
<head>[...]</head>
<body>
<h1>natas23</h1>
<div id="content">

Password:
<form name="input" method="get">
    <input type="text" name="passwd" size=20>
    <input type="submit" value="Login">
</form>

<?php
    if(array_key_exists("passwd",$_REQUEST)){
        if(strstr($_REQUEST["passwd"],"iloveyou") && ($_REQUEST["passwd"] > 10 )){
            echo "<br>The credentials for the next level are:<br>";
            echo "<pre>Username: natas24 Password: <censored></pre>";
        }
        else{
            echo "<br>Wrong!<br>";
        }
    }
    // morla / 10111
?>
<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>

We need to include a parameter passwd that both contains the string “iloveyou” and is greater than 10. That seems really strange but it’s possible, given a peculiarity in the way PHP handles strings. “11iloveyou” should convert to the integer 11 when converted, and of course contains “iloveyou.”

natas23-02

Sweet.

OsRmXFguozKpTZZ5X14zNO43379LZveg