[WEB SECURITY] A request for help for a challenge

Cris Noob cloakbot at hotmail.com
Wed Feb 9 18:09:53 EST 2011


Hello. I was told you guys might be able to help me out. I've been dared to complete this challenge and execute remote code on a server, but I'm stuck.

Basically, here's what I know:

http://pastebin.com/p89CGcrh

In case you're wondering, this is not for malicious purposes, I'm simply learning by completing one of the challenges here:
http://tasteless.phpnet.us/level_3.php

I've been googling for hours but I'm completely stuck. The author told me I'm not allowed to use LFI nor RFI, I simply need to provide some php code with a GET or POST request and get it executed. I tried file=php://input along with <?php phpinfo(); ?> in a POST request done via a web proxy, and it worked when I removed the part of the script that appends .html to the string. I'm not sure how to remotely disable the part that appends .html, so that's basically what I'm looking for. %00 is blocked (i think? It's not working). Other than that, I'm looking for any other possible solutions to the problem as well, not just this php://input solution.

I was hoping you guys would like a challenge ;-)

Thanks for your time,
Cris
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110210/d7fbc2a2/attachment-0003.html>


More information about the websecurity mailing list