3

I was testing a small script to try to find out the difference.

test.php:

```php
<html>
   <body><link rel='stylesheet' property='stylesheet' id='s' type='text/css' href='/template/s.css' media='all' /><iframe id='iframe' src='https://www.root-me.org/?page=externe_header'></iframe>
    <h1>Authentication v 0.04</h1>
    <form action="" method="GET">
     Login&nbsp;<br/>
     <input type="text" name="username" /><br/><br/>
     Password&nbsp;<br/>
     <input type="password" name="password" /><br/><br/>
     <br/><br/>
     <input type="submit" value="connect" /><br/><br/>
    </form>
<fieldset><legend>Authentication log</legend><pre>

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
echo $_GET['username'].'Failed';
$first_line = strstr($_GET['username'], "\n", true);
?>
</pre></fieldset></body></html>
```

When I try to make a GET request like this:

http://localhost/test.php?username=%0D%0Aadmin%0D%0whatever&password=password

The result:

admin authenticated
whatever failed

How did I get this result?

And if I want to check whether there are 2 lines, I can check with:

$first_line = strstr($_GET['username'], "\n", true);

Now I check for \n, not %0D%0A.

So what is the difference between them?

Vendetta

1 Answer

6

\n is just \n while %0D%0A is \r\n.

Here is another Stack Overflow post that talks about the difference between \r and \n.

Community
honerlawd
  • But why, when I try localhost/test.php?username=%0D%0Aadmin/…, does it print admin/n whatever on the same line, and print '/n' as a string? – Vendetta Jun 05 '16 at 16:59
  • What are you using to display the string? If you use `var_dump` it will display the string just fine. If you use `echo` you will have issues. Either way, both symbols are decoded and displayed correctly, so I am not sure what problems you are having. Trim the characters (using `trim`) if you are having issues with it. BTW, `\r` and `\n` behave differently on different operating systems. – honerlawd Jun 06 '16 at 13:23
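
The relationship between `%0D%0A` and `\n` discussed above, as an added example that is not code from the question or the answer: PHP URL-decodes `%0D%0A` to the two bytes `\r\n` before the value reaches `$_GET`, so a search for `\n` also matches it. `has_line_break` and `log_safe` are hypothetical helper names, and `$raw` is a constructed sample value.

```php
<?php
// Added example. $raw is a constructed sample standing in for the raw
// query-string value; PHP applies the same decoding when it fills $_GET.
$raw = '%0D%0Aadmin%0D%0Awhatever';
$username = urldecode($raw);

// %0D is CR ("\r", byte 0x0D) and %0A is LF ("\n", byte 0x0A).
var_dump($username === "\r\nadmin\r\nwhatever");

// "\r\n" contains "\n", so searching for "\n" also matches the CRLF form.
// The part returned before the first "\n" still holds the "\r" before it.
$first_line = strstr($username, "\n", true);
var_dump(bin2hex($first_line));

// Hypothetical helper: true if the value would span more than one line,
// whichever line-ending style was sent (CRLF, bare LF or bare CR).
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Hypothetical helper: make a value safe to write as a single log line by
// showing control characters as visible escapes instead of emitting them.
function log_safe(string $value): string
{
    return preg_replace_callback(
        '/[\x00-\x1F\x7F]/',
        fn(array $m): string => sprintf('\\x%02X', ord($m[0])),
        $value
    );
}

// Constructed candidates: a normal name, a bare-LF value, the CRLF value.
foreach (['admin', "admin\nwhatever", $username] as $candidate) {
    printf("%-32s multi-line=%s\n", log_safe($candidate),
        has_line_break($candidate) ? 'yes' : 'no');
}
```

Run with the PHP command-line interpreter; when the value is echoed into an HTML page it also needs `htmlspecialchars`.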