PHP

Basic IDOR with hash as user identifier


Access the admin user that has the id 1 from the users list presented in the PHP code.

Hints

Hint #1

Users are identified by an MD5 hash, and the function that creates these hashes is very poorly designed. How is this hash created?

Hint #2

You know the username and you know the ID. Can you create a hash from these factors?

Solution


The hash is created by concatenating the username with its id (the username's index in the list). The username of our target is admin, which we know has the id 1.

We can create our own MD5 hash by running a shell command as follows:

echo -n 'admin1' | md5sum

Hash:

e00cf25ad42683b3df678c61f42c6bda

When we input this hash into the input field we can see the details of the user admin and the flag.
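The weak identifier scheme beside a hardened lookup, as an added example that is not the lab's own code. The user list, the function names and the session user id parameter are assumptions made for illustration; the fix shown is a keyed identifier combined with an ownership check on every lookup.

```php
<?php
declare(strict_types=1);

// Constructed sample data; the lab's real user list is not shown on this page.
const USERS = [1 => 'admin', 2 => 'alice', 3 => 'bob'];

// Weak scheme described in the solution: unkeyed MD5 over username . id.
// Anyone who knows both values can recompute the identifier offline.
function weakIdentifier(string $username, int $id): string
{
    return md5($username . $id);
}

// Hardened identifier (hypothetical helper): keyed with a server-side secret,
// so it cannot be derived from values the client already knows.
function opaqueIdentifier(string $username, int $id, string $secret): string
{
    return hash_hmac('sha256', $id . ':' . $username, $secret);
}

// The actual IDOR fix (hypothetical helper): authorize the lookup against the
// authenticated session user instead of trusting the submitted identifier.
function lookupProfile(string $submitted, int $sessionUserId, string $secret): ?string
{
    foreach (USERS as $id => $username) {
        // Constant-time comparison of the expected and submitted references.
        if (hash_equals(opaqueIdentifier($username, $id, $secret), $submitted)) {
            // A valid reference is not enough; only the owner may read it.
            return $id === $sessionUserId ? $username : null;
        }
    }
    return null; // unknown reference
}

// Assumption: in a real deployment the secret is loaded from configuration.
$secret = random_bytes(32);

// Same computation as the md5sum command in the solution.
echo weakIdentifier('admin', 1), PHP_EOL;

$adminRef = opaqueIdentifier('admin', 1, $secret);
var_dump(lookupProfile($adminRef, 1, $secret));                   // owner request
var_dump(lookupProfile($adminRef, 2, $secret));                   // another user replaying a valid reference
var_dump(lookupProfile(weakIdentifier('admin', 1), 2, $secret));  // recomputed MD5 value
```

Only the owner's request returns a record. The keyed identifier alone would not be sufficient, because a reference that leaks can still be replayed, which is why the session check stays in the lookup.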
