rverton · April 9, 2017 13:12
diff --git a/admin_console.php b/admin_console.php
 <?php
 session_start();

 if ($_COOKIE['tar'] !== 'super-secret-cookie-you-never-know') {
  echo "Try better cookie, bro!";
  die();
 }

 if (isset($_POST['url']) && isset($_POST['challenge'])) {
  $url = $_POST['url'];
  $challenge = substr(md5($_POST['challenge']), 0, 6);
  $expected = $_SESSION['challenge'];

  $_SESSION['challenge'] = substr(md5(random_bytes(16)), 0, 6);

  if ($challenge !== $expected) {
    echo "Prove your work first.";
    die();
  }

  $match = preg_match('/https?:\/\/[a-zA-Z0-9_\-.\/@%:]/', $url);
  if ($match) {
    $cmd = "phantomjs /worker.js '$url'";
    exec($cmd, $output);
    error_log($cmd);
    error_log(implode("\n", $output));

    echo 'Submitted!';
  } else {
    echo 'Stop hacking, bro!';
  }
 } else {
  $_SESSION['challenge'] = substr(md5(random_bytes(16)), 0, 6);
 ?>
 <!DOCTYPE html>
 <html lang="en">
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Admin Console</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
    <style>
 .center {
  margin-left: auto;
  margin-right: auto;
  display: block;
 }

 body {
  margin-top: 2em;
 }

 form {
  margin-top: 2em;
 }
    </style>
  </head>

  <body>
    <div class="container">
      <h2>Admin Console</h2>
      <div class="row">
        <form action="" method="POST">
          <div class="form-group">
            <label>Find a string `str` such that substr(md5(str), 0, 6) === '<?php echo $_SESSION['challenge']; ?>':</label>
            <input type="text" class="form-control" name="challenge" placeholder="Your answer" />
          </div>
          <div class="form-group">
            <label>Now give me a url to take a look.</label>
            <input type="text" class="form-control" name="url" placeholder="Url" />
          </div>
          <button type="submit" class="btn btn-default center">Submit</button>
        </form>
      </div>
    </div>
  </body>
 </html>
 <?php
 }
 ?>
	<?php
	session_start();

	if ($_COOKIE['tar'] !== 'super-secret-cookie-you-never-know') {
	echo "Try better cookie, bro!";
	die();
	}

	if (isset($_POST['url']) && isset($_POST['challenge'])) {
	$url = $_POST['url'];
	$challenge = substr(md5($_POST['challenge']), 0, 6);
	$expected = $_SESSION['challenge'];

	$_SESSION['challenge'] = substr(md5(random_bytes(16)), 0, 6);

	if ($challenge !== $expected) {
	echo "Prove your work first.";
	die();
	}

	$match = preg_match('/https?:\/\/[a-zA-Z0-9_\-.\/@%:]/', $url);
	if ($match) {
	$cmd = "phantomjs /worker.js '$url'";
	exec($cmd, $output);
	error_log($cmd);
	error_log(implode("\n", $output));

	echo 'Submitted!';
	} else {
	echo 'Stop hacking, bro!';
	}
	} else {
	$_SESSION['challenge'] = substr(md5(random_bytes(16)), 0, 6);
	?>
	<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Admin Console</title>
	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
	<style>
	.center {
	margin-left: auto;
	margin-right: auto;
	display: block;
	}

	body {
	margin-top: 2em;
	}

	form {
	margin-top: 2em;
	}
	</style>
	</head>

	<body>
	<div class="container">
	<h2>Admin Console</h2>
	<div class="row">
	<form action="" method="POST">
	<div class="form-group">
	<label>Find a string `str` such that substr(md5(str), 0, 6) === '<?php echo $_SESSION['challenge']; ?>':</label>
	<input type="text" class="form-control" name="challenge" placeholder="Your answer" />
	</div>
	<div class="form-group">
	<label>Now give me a url to take a look.</label>
	<input type="text" class="form-control" name="url" placeholder="Url" />
	</div>
	<button type="submit" class="btn btn-default center">Submit</button>
	</form>
	</div>
	</div>
	</body>
	</html>
	<?php
	}
	?>