-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.php
More file actions
32 lines (27 loc) · 836 Bytes
/
index.php
File metadata and controls
32 lines (27 loc) · 836 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
<?php
session_start();
$users = [
'admin' => 'GT2@#!Jzsdda9#1@',
'guest' => 'guest123', // Guest Creds leaked in documentation
'michael' => 'Password123!', // Weak Password for Brute-force
];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$user = $_POST['username'];
$pass = $_POST['password'];
if (isset($users[$user]) && $users[$user] === $pass) {
$_SESSION['username'] = $user;
header('Location: dashboard.php');
exit;
} else {
$error = "Invalid credentials.";
}
}
?>
<h2>Vuln Note</h2>
<h3>Login</h3>
<form method="POST">
<input name="username" placeholder="Username"><br>
<input name="password" type="password" placeholder="Password"><br>
<button type="submit">Login</button>
</form>
<?php if (isset($error)) echo "<p style='color:red'>$error</p>"; ?>