First of all, I'm happy to announce my new chall.
To make a clean breast for this challenge:
The Portal theme is not important; I only played this game recently, found it cool, and it was a good theme for this chall. This challenge is an offline challenge. This means you need a working apache + mysql + php environment to solve it. This is because we can't guarantee the site's security as long as this challenge is online on wechall, but the good news is that it is not "another fake simulated SQL injection challenge".
The checking of the solutions is offline as well. I hate it, but I can't make any application that could check every solution properly. If anyone has any idea for an online solution checker, let me know.
If you have no apache + mysql + php environment, I suggest using xampp on Windows and Linux, and mamp on Mac. After downloading them you can set up a working environment in minutes. But solving the challenge needs some more time.
First you have to set up an admin password for mysql, then log in to it with
> mysql -u root -p
after that create a user with:
> create user 'www-user'@'localhost' identified by 'cube';
and create a database with
> create database test;
change database:
> use test;
create table:
> create table experience (id int, filename varchar(500));
and insert a row into it (it is not necessary, but some solutions need it):
> insert into experience values(1,'test');
> commit;
grant privileges:
> grant select on test.* to 'www-user'@'localhost';
Put experience.php_txt under the htdocs directory, rename it to experience.php, start the apache web server, and you can access experience.php via the web server like
http://127.0.0.1/experience.php
Now you can test in your own environment. For testing the cookie stealing, you have to create a cookie for the challenge - it should not be hard.
Good luck, and don't forget to block every incoming connection to your whole test environment, except localhost.
Update: mysql_connect was removed in PHP 7.0.0, so please use an older version of PHP or refactor the scripts to use mysqli_* functions.
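One way to verify the "block every incoming connection ... except localhost" advice above, as an added example that is not part of the original post: the hypothetical helper `exposed_listeners` reads `ss -ltn` style output and prints every listener on the lab's ports that is not bound to loopback. It assumes Linux `ss` and the default ports 80, 443 and 3306; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag web/database listeners reachable from outside localhost.
# Reads `ss -ltn` style lines on stdin; $1 is an optional space-separated port
# list (assumed defaults: apache 80/443, mysql 3306).
exposed_listeners() {
    awk -v ports="${1:-80 443 3306}" '
        BEGIN { n = split(ports, p, " "); for (k = 1; k <= n; k++) want[p[k]] = 1 }
        $1 == "LISTEN" {
            idx = match($4, /:[0-9]+$/)      # last colon separates address and port
            if (idx == 0) next
            port = substr($4, idx + 1)
            addr = substr($4, 1, idx - 1)
            sub(/%.*$/, "", addr)            # drop an interface scope such as %lo
            if (!(port in want)) next
            # Loopback binds (127.0.0.0/8 and ::1) are what the lab should use.
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr ":" port
        }'
}

# Constructed sample: apache bound to loopback, mysql and an HTTPS vhost on
# all interfaces, plus an unrelated sshd that is not one of the lab ports.
SAMPLE='LISTEN 0 511 127.0.0.1:80 0.0.0.0:*
LISTEN 0 151 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 [::1]:80 [::]:*'

if [ "${1:-}" = "--live" ]; then
    # Check the real machine instead of the sample.
    ss -ltn | exposed_listeners
else
    printf '%s\n' "$SAMPLE" | exposed_listeners
fi
```

Any line it prints is a socket that other hosts can reach; an empty result from `--live` means the listed ports accept connections only from the local machine.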