Username: 
Password: 
Restrict session to IP 
Questions  |  score: 3  |  4.63 6.02 6.29 |  Solved By 330 People  |  232237 views  |  since Aug 27, 2011 - 02:26:18

Stop us (Exploit, PHP)

You cannot stop us!
Noother has created a business to sell .xyz domains for some bucks.
Your job is to find a hole in the script that would allow purchases without paying for it.
You can test the script here.
To help you in debugging, you can take a look at the sourcecode, also as highlighted version.
There is a second file involved for the purchase table: noothtable.php, also as hightlighted version, but you probably don't need it.

Good luck!

Thanks go out to jjk and dloser for testing the challenge.
© 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 and 2024 by noother and Gizmore