guangyue / owasp-hackademic-challenges Goto Github PK

There are no hints or directions provided to indicate that the page is 
vulnerable by changing the USER AGENT to exploit PHP code execution.  The PHP 
version the headers are showing appears to be up-to-date, and no application 
data is given to indicate a vulnerable program.  The only real way to complete 
the challenge is by using the provided PHP source code, which is falls outside 
the bounds of a true-to-life exercise.

What steps will reproduce the problem?
(using Firefox 4 on Windows)
1. execute the su command in the shell
2. view page source related to the form submission of the username + password

Look just after the value="Login" should have a close ">"

Expected:
<form method="POST" action=""> <input type="text" name="username"><input 
type="password" name="password"><input type="submit" name="submit" 
value="Login"></form></html><hr><p>Enter 'help' for available commands.<p>

Given:
<form method="POST" action=""> <input type="text" name="username"><input 
type="password" name="password"><input type="submit" name="submit" 
value="Login"</form></html><hr><p>Enter 'help' for available commands.<p>

A closing bracket is missing in the HTML.  

What steps will reproduce the problem?
(using Firefox 4 on Windows)
1. goto adminpanel.php
2. view page source related to the form submission of the username + password

Look just after the value="Login" should have a close ">"

Expected:
<input type="submit" name="submit" value="Login"></form>

Given:
<input type="submit" name="submit" value="Login"</form>

A closing bracket is missing in the HTML.

What steps will reproduce the problem?
1. assign a domain name on the server
2. try to login

What is the expected output? What do you see instead?
Instead of redirecting me to the http://domain.tld/pages/home.php it goes to 
localhost/pages/home.php
it does not have to be a domain or internet aviable, it also does on pan or vpn 
(obviously) 

What version of the product are you using? On what operating system?
I have the version with the live CD as you share it during fosscom

i am looking to find the most possible redirects , in order to fix them .... i 
will let you know if i deal with it !

What steps will reproduce the problem?
1. Opening the main page on either IE8 or Firefox seems to replicate the 
problem of the login forms extending off of the page. Chrome loaded it 
correctly. 

Looking into the CSS in all three browsers I believe that adding "width: 100%" 
to the inputbox class will adjust it so that the forms are displayed correctly. 
This worked when I live edited the CSS in both IE and FF.