Aerosol Posted December 16, 2014 Report Posted December 16, 2014 Hello all,this is a little tutorial for takeover a website by using simple session variables at first we need a shell on the target with rights to excute php comands.and we need a target like a admin panel maybe you want to grab the pw & usernamebut you failed because the hash is hashed in sha256 or something like that.so we need a other way to login in this time we can use they own login methodif(!empty($_POST["pw"]) && !empty($_POST["us"])){ $row = mysql_fetch_object($res); if(md5($_POST["pw"])==$row->password && $_POST["us"]==$row->username){ $_SESSION["adminID"] = $row->adminID; $_SESSION["username"] = $row->username; $_SESSION["login"] = "1"; header("Location: users.php"); }}else{exit();} we see here a login with using sessions Note :Sessions are server-side variables.if we wont access to that admin panel we need just to do that :$_SESSION["adminID"] = "0";$_SESSION["username"] = "admin";$_SESSION["login"] = "1"; and we call the php file with that content and we can access the admin panel and we bypass the site authenticationCredits to: T3N38R15 1 Quote
