I use an
<img> tag with an src-attribute pointing to a script that loads the image from a non-public folder. When I test my website with a mobile connection, the scr-attributes path is changed from
src="http://188.8.131.52.bmi/example.com, I guess that has something to do with my mobile internet provider. The problem is, the image-providing script cannot identify the session of the incoming request anymore.
On a non-mobile WIFI connection, the src-attribute is not changed, everything works as expected and the session is found.
First of all, I’m new to PHP and coding in general.
I’m currently creating a web application which is intentionally vulnerable to teach students about web based vulnerabilities. The web app consists of levels with each level containing a different vulnerability.
On the current level, I am trying to set a cookie name “Authenticated” with a value of “0” when a user successfully logs into the level. When they reach the page, they receive a PHP error that they are not authenticated. I want them to be able to intercept the page request, change the value to “1”, and then as a result of this changed value, receive a PHP echo containing the password for the next level.
Here is my main page (level6.php):
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="../css/wargames.css">
<title>Generic Web App Title</title>
to Level 6!