Skip to content

Shorty Authentication Bypass

by on April 16, 2010
(This post was posted originally at my personal own blog and also featured in the website)
Today, reading some stuff at internet I have found an article about 7 PHP scripts to generate shorts URLs. This kind of links are very common today with a lot of controversy about the security risk that they implied. I’m not here (now) to discuss about shorting URL’s services but to talk about a stupid bug that I have found in the first (!!!) software that WebResourcesDepot recommend today.
Shorty is a script very old… From 2006. Why are they recommending it in the first place? Second: Did they try to install it? A lot of errors appears when you try a fresh install and some pain until you can fix it. Buggy from the scratch.
I then decided to read some source code. I have found that in functions.php is some bug that we can use to bypass the login form. Let’s go to read some php code:
function authenticate(){
$cookie = @$_COOKIE['snickerdoodle'];
if($cookie == "polarbears"){
} else {
exit("Not logged in.");

function verify(){
$cookie = $_COOKIE['snickerdoodle'];
} else {
$cookie = '';
if($cookie == "polarbears"){
return 1;
} else {
return 0;
As you can read this code generates a cookie with the name “snickerdoodle” and the value “polarbears” to determine if you are authenticated or not. Its very easy to create a new cookie into your browser with this data with some Firefox extension. If you are using a browser without extensions like Google Chrome you can try to write the next javascript sentence into your URL:
If you don’t want to install Shorty (and mess around with all the hacks you have to do use it) you can always use the search intitle:”Shorty (Beta)” to found some places to test it.
Have fun!
Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: