http://li1739-37.members.linode.com/login?p=login Return to referer URL

Method
POST
HTTP Status
302
IP
149.34.244.170
Profiled on
Token
fa6bfb

n/a

Request

GET Parameters

Key Value
p 
"login"

POST Parameters

Key Value
_password 
"******"
_username 
"admin' or '1'='1"

Uploaded Files

No files were uploaded

Request Attributes

Key Value
_controller 
"App\Controller\SecurityController::login"
_firewall_context 
"security.firewall.map.context.main"
_route 
"login"
_route_params 
[]

Request Headers

Header Value
accept 
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8"
accept-encoding 
"gzip, deflate"
accept-language 
"en-US,en;q=0.5"
connection 
"keep-alive"
content-length 
"73"
content-type 
"application/x-www-form-urlencoded"
cookie 
"PHPSESSID=j4m71omesnahdo9hod0m8fef3v"
dnt 
"1"
host 
"li1739-37.members.linode.com"
origin 
"http://li1739-37.members.linode.com"
priority 
"u=0, i"
referer 
"http://li1739-37.members.linode.com/login"
sec-gpc 
"1"
upgrade-insecure-requests 
"1"
user-agent 
"Mozilla/5.0 (Windows NT 10.0; rv:130.0) Gecko/20100101 Firefox/130.0"
x-php-ob-level 
"1"

Request Content

Raw

_username=admin%27+or+%271%27%3D%271&_password=admin%27+or+%271%27%3D%271

Response

Response Headers

Header Value
cache-control 
"no-cache, private"
content-type 
"text/html; charset=UTF-8"
date 
"Wed, 25 Sep 2024 21:16:40 GMT"
location 
"http://li1739-37.members.linode.com/login"
x-debug-token 
"fa6bfb"

Cookies

Request Cookies

Key Value
PHPSESSID 
"j4m71omesnahdo9hod0m8fef3v"

Response Cookies

No response cookies

Session

Session Metadata

Key Value
Created 
"Wed, 25 Sep 24 21:12:38 +0000"
Last used 
"Wed, 25 Sep 24 21:12:39 +0000"
Lifetime 
"0"

Session Attributes

Attribute Value
_security.last_error 
Symfony\Component\Security\Core\Exception\BadCredentialsException {#383
  -token: Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken {#205 …}
  #message: "Bad credentials."
  #code: 0
  #file: "/var/www/html/grid/vendor/symfony/security-core/Authentication/Provider/UserAuthenticationProvider.php"
  #line: 68
  -previous: Symfony\Component\Security\Core\Exception\UsernameNotFoundException {#385 …}
  trace: {
    /var/www/html/grid/vendor/symfony/security-core/Authentication/Provider/UserAuthenticationProvider.php:68 {
      Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider->authenticate(TokenInterface $token) …
      › if ($this->hideUserNotFoundExceptions) {    throw new BadCredentialsException('Bad credentials.', 0, $e);}
    }
    /var/www/html/grid/vendor/symfony/security-core/Authentication/AuthenticationProviderManager.php:85 {
      Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager->authenticate(TokenInterface $token) …
      › try {    $result = $provider->authenticate($token);}
    /var/www/html/grid/vendor/symfony/security-http/Firewall/UsernamePasswordFormAuthenticationListener.php:100 {
      Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener->attemptAuthentication(Request $request) …
      › 
      ›     return $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password, $this->providerKey));}
    }
    /var/www/html/grid/vendor/symfony/security-http/Firewall/AbstractAuthenticationListener.php:141 {
      Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener->authenticate(RequestEvent $event) …
      › 
      › if (null === $returnValue = $this->attemptAuthentication($request)) {    return;
    }
    /var/www/html/grid/vendor/symfony/security-bundle/Debug/WrappedLazyListener.php:49 {
      Symfony\Bundle\SecurityBundle\Debug\WrappedLazyListener->authenticate(RequestEvent $event) …
      › try {    $ret = $this->listener->authenticate($event);} catch (LazyResponseException $e) {
    }
    /var/www/html/grid/vendor/symfony/security-http/Firewall/AbstractListener.php:27 {
      Symfony\Component\Security\Http\Firewall\AbstractListener->__invoke(RequestEvent $event) …
      › if (false !== $this->supports($event->getRequest())) {    $this->authenticate($event);}
    }
    /var/www/html/grid/vendor/symfony/security-bundle/Debug/TraceableFirewallListener.php:62 {
      Symfony\Bundle\SecurityBundle\Debug\TraceableFirewallListener->callListeners(RequestEvent $event, iterable $listeners) …
      › $wrappedListener = $listener instanceof AbstractListener ? new WrappedLazyListener($listener) : new WrappedListener($listener);$wrappedListener($event);$wrappedListeners[] = $wrappedListener->getInfo();
    }
    /var/www/html/grid/vendor/symfony/security-http/Firewall.php:98 {
      Symfony\Component\Security\Http\Firewall->onKernelRequest(GetResponseEvent $event) …
      › if ($event instanceof RequestEvent) {    $this->callListeners($event, $authenticationListeners());} else {
    }
    /var/www/html/grid/vendor/symfony/event-dispatcher/Debug/WrappedListener.php:126 {
      Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(Event $event, $eventName, EventDispatcherInterface $dispatcher) …
      › 
      › ($this->optimizedListener ?? $this->listener)($event, $eventName, $dispatcher);}
    /var/www/html/grid/vendor/symfony/event-dispatcher/EventDispatcher.php:264 {
      Symfony\Component\EventDispatcher\EventDispatcher->doDispatch($listeners, $eventName, Event $event) …
      ›     }    $listener($event, $eventName, $this);}
    }
    /var/www/html/grid/vendor/symfony/event-dispatcher/EventDispatcher.php:239 {
      Symfony\Component\EventDispatcher\EventDispatcher->callListeners(iterable $listeners, string $eventName, $event) …
      › if ($event instanceof Event) {    $this->doDispatch($listeners, $eventName, $event);}
    /var/www/html/grid/vendor/symfony/event-dispatcher/EventDispatcher.php:73 {
      Symfony\Component\EventDispatcher\EventDispatcher->dispatch($event) …
      › if ($listeners) {    $this->callListeners($listeners, $eventName, $event);}
    }
    /var/www/html/grid/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:168 {
      Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch($event) …
      › try {    $this->dispatcher->dispatch($event, $eventName);} finally {
    }
    /var/www/html/grid/vendor/symfony/http-kernel/HttpKernel.php:134 {
      Symfony\Component\HttpKernel\HttpKernel->handleRaw(Request $request, int $type = self::MASTER_REQUEST): Response …
      › $event = new RequestEvent($this, $request, $type);$this->dispatcher->dispatch($event, KernelEvents::REQUEST);}
    /var/www/html/grid/vendor/symfony/http-kernel/HttpKernel.php:80 {
      Symfony\Component\HttpKernel\HttpKernel->handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true) …
      › try {    return $this->handleRaw($request, $type);} catch (\Exception $e) {
    }
    /var/www/html/grid/vendor/symfony/http-kernel/Kernel.php:201 {
      Symfony\Component\HttpKernel\Kernel->handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true) …
      › try {    return $this->getHttpKernel()->handle($request, $type, $catch);} finally {
    }
    /var/www/html/grid/public/index.php:25 {$request = Request::createFromGlobals();$response = $kernel->handle($request);$response->send();
    }
  }
}
_security.last_username 
"admin' or '1'='1"

Flashes

Flashes

No flash messages were created.

Server Parameters

Server Parameters

Defined in .env

Key Value
APP_ENV 
"dev"
APP_SECRET 
"167aac464ff93a146ee252928c840d7b"
AWS_KEY 
"not-a-real-key"
AWS_SECRET 
"@@not-a-real-secret"
DATABASE_URL 
"mysql://grid_user:rxqCC2mLxPb4DEES@localhost:3306/grid_db?serverVersion=5.7"
MAILER_URL 
"smtp://mail.mpt-soft.com:2525?auth_mode=login&username=no-reply@mpt-soft.com&password=%3FgL%23oX%40%40e%21Bp"

Defined as regular env variables

Key Value
APP_DEBUG 
"1"
CONTENT_LENGTH 
"73"
CONTENT_TYPE 
"application/x-www-form-urlencoded"
CONTEXT_DOCUMENT_ROOT 
"/var/www/html/grid/public"
CONTEXT_PREFIX 
""
DOCUMENT_ROOT 
"/var/www/html/grid/public"
FCGI_ROLE 
"RESPONDER"
GATEWAY_INTERFACE 
"CGI/1.1"
HOME 
"/var/www"
HTTP_ACCEPT 
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8"
HTTP_ACCEPT_ENCODING 
"gzip, deflate"
HTTP_ACCEPT_LANGUAGE 
"en-US,en;q=0.5"
HTTP_CONNECTION 
"keep-alive"
HTTP_COOKIE 
"PHPSESSID=j4m71omesnahdo9hod0m8fef3v"
HTTP_DNT 
"1"
HTTP_HOST 
"li1739-37.members.linode.com"
HTTP_ORIGIN 
"http://li1739-37.members.linode.com"
HTTP_PRIORITY 
"u=0, i"
HTTP_REFERER 
"http://li1739-37.members.linode.com/login"
HTTP_SEC_GPC 
"1"
HTTP_UPGRADE_INSECURE_REQUESTS 
"1"
HTTP_USER_AGENT 
"Mozilla/5.0 (Windows NT 10.0; rv:130.0) Gecko/20100101 Firefox/130.0"
PATH 
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
PHP_SELF 
"/index.php"
QUERY_STRING 
"p=login"
REDIRECT_QUERY_STRING 
"p=login"
REDIRECT_SCRIPT_URI 
"http://li1739-37.members.linode.com/login"
REDIRECT_SCRIPT_URL 
"/login"
REDIRECT_STATUS 
"200"
REDIRECT_URL 
"/login"
REMOTE_ADDR 
"149.34.244.170"
REMOTE_PORT 
"33288"
REQUEST_METHOD 
"POST"
REQUEST_SCHEME 
"http"
REQUEST_TIME 
1727299000
REQUEST_TIME_FLOAT 
1727299000.1696
REQUEST_URI 
"/login"
SCRIPT_FILENAME 
"/var/www/html/grid/public/index.php"
SCRIPT_NAME 
"/index.php"
SCRIPT_URI 
"http://li1739-37.members.linode.com/login"
SCRIPT_URL 
"/login"
SERVER_ADDR 
"172.104.159.37"
SERVER_ADMIN 
"[no address given]"
SERVER_NAME 
"li1739-37.members.linode.com"
SERVER_PORT 
"80"
SERVER_PROTOCOL 
"HTTP/1.1"
SERVER_SIGNATURE 
"<address>Apache/2.4.29 (Ubuntu) Server at li1739-37.members.linode.com Port 80</address>\n"
SERVER_SOFTWARE 
"Apache/2.4.29 (Ubuntu)"
SYMFONY_DOTENV_VARS 
"APP_ENV,APP_SECRET,AWS_KEY,AWS_SECRET,DATABASE_URL,MAILER_URL"
USER 
"www-data"
proxy-nokeepalive 
"1"