Friday, October 31, 2014 Login · Register
    Login
Username

Password


Remember Me

Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.

 

    Users Online
  • · Members on IRC: 29   
  • · Total Members: 16,938
  • · Newest Member: chris1
  •  

     

        Related Ads
     

     

     

        Top 10 Forum Posters
    UserPosts
    bluechill1411   
    madf0x1291   
    cruizrisner1062   
    Qwexotic1034   
    Null Set870   
    Override604   
    auditorsec603   
    godofcereal599   
    TurboBorland585   
    Teddy477   
     

        Affiliates




  • iExploit


  • iExploit


  • WeChall





  • Thisislegal.com

  •  

        Related Ads
     

    View Thread
         
    Security Override Hacking Challenges Advanced Challenges
    Adv#4
    Register FAQ Members List Today's Posts Search

    Print Thread
    04-05-2013 07:48 PM Adv#4
    hai ppl what file need to include?
    /etc/passwd ?
     
    Offline
    04-05-2013 11:42 PM RE: Adv#4
    sorry there was a piece commented out in adv3 that says where the file was uplaoded not sure why it was commented
    "Remember hugs are worth more than handshakes"

    <Xires> 'smart' for a dog is still 'meh' for a retard
     
    Offline
    04-06-2013 04:29 AM RE: Adv#4
    Actually the hint was already displayed now we can see it twice Wink
     
    Offline
    04-12-2013 07:12 AM RE: Adv#4 | Edited by Guest 04-12-2013 02:43 PM
    Hi everone,

    I think I am not so far from the solution. I get the message :
    "uploads/5p0il3r.jpg cannot be found."

    So I think I have correctly bypass extension adding.

    Now I'am trying to get in the parent directory, to get the image. I know there is a filter to remove ../, and i tried to write it in many way (url encoding), but i'am not bypassing the filter.

    Can any one give me a hint ?

    Friendly,
    Asch.

    Edited by PublicEnemy: Removed Spoiler
     
    Offline
    04-12-2013 10:28 AM RE: Adv#4
    It is hard to give a hint without telling the solution. But may that two helps:

    - What would be the easiest way to get the "../" removed. Think about a php function that does it.

    - You know what gets removed. May you can use that information now to create a valid injection. Or at least valid after the filter.
    Join our IRC channal! irc.evilzone.org #Evilzone #SecurityOverride

    This dude doesn't answer to PM..no matter how special you think you are...sry

    "With great power comes great responsibility"
     
    Offline
    04-16-2013 11:49 AM RE: Adv#4
    Okay I got it ^^
    Thank you very much Smile
     
    Offline
    06-18-2013 03:43 AM RE: Adv#4
    the null byte attack doesnt work what should i do for that?
     
    Offline
    07-21-2013 06:38 AM RE: Adv#4 | Edited by trietptm 07-21-2013 07:01 AM
    jaatrox wrote:
    the null byte attack doesnt work what should i do for that?


    Any idea, everybody?
    I try %%0000 but it doesn't work too.
    Update: I've found the trick Grin .
     
    Offline
    07-21-2013 09:26 AM RE: Adv#4
    Use another null character instead of %00
     
    Offline
    07-24-2013 10:05 AM RE: Adv#4
    yes atm the %00 is not working but there is still another way to bypass the appended file extension
    "Remember hugs are worth more than handshakes"

    <Xires> 'smart' for a dog is still 'meh' for a retard
     
    Offline
    09-22-2013 10:20 AM RE: Adv#4 | Edited by Teddy 09-22-2013 10:20 AM
    I do not know what would be the right way to bypass it because I did not tried it yet.
    But I found that one:
    http://security.stackexchange.com/questions/17407/how-can-i-use-this-path-bypass-exploit-local-file-inclusion-inclusion
    Even when it is not the way to bypass the challange it is still interested
    Join our IRC channal! irc.evilzone.org #Evilzone #SecurityOverride

    This dude doesn't answer to PM..no matter how special you think you are...sry

    "With great power comes great responsibility"
     
    Offline
    01-02-2014 04:22 AM RE: Adv#4
    finished Smile

     
    Offline
    03-13-2014 05:57 PM RE: Adv#4 | Edited by Abhinav2107 03-13-2014 11:19 PM
    Greetings Folks!

    I've used both type of null bytes to escape the filter and to strip .php but I still keep getting the following error:
    <Spoiler Removed> cannot be found.

    Can someone be kind enough to guide me? Am I looking inside the wrong directory?
     
    Offline
    03-13-2014 11:21 PM RE: Adv#4
    There does exist a null byte that will work. Think escaping.
     
    Offline
    04-04-2014 04:03 PM RE: Adv#4
    hello all ,
    Why i cant do this ../ with this ....// ? that work or ?
    one ../ was deletet and then only stay one ../ and then i bypass the filter.

    but the Challenge say nop Sad pls give me a hint i stuck.

    kid regards T3N38R15
     
    Offline
    Jump to Forum:
    Forum powered by fusionBoard