The following page unsafe.php
(source) is a mockup of a badly written user login page.
The programmer implemented the login page poorly because of a misunderstanding about cookies.
Without peeking at the source, figure out the following:
stepp
, reges
, helenem
, and jessica
. The password for stepp
is booyah
but you don't know the others...uwnetid
, password
, and loggedin
.uwnetid
to a name such as reges
and set the cookie loggedin
to true
(such as in Firebug Cookies tab → Cookies → Create Cookie), it will think you are logged in even if you don't know any password.