Saturday, July 26, 2014 Login · Register
    Login
Username

Password


Remember Me

Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.

 

    Users Online
  • · Members on IRC: 32   
  • · Total Members: 15,633
  • · Newest Member: leprechaun
  •  

     

        Related Ads
     

     

     

        Top 10 Forum Posters
    UserPosts
    bluechill1411   
    madf0x1285   
    cruizrisner1061   
    Qwexotic1034   
    Null Set870   
    Override604   
    auditorsec603   
    godofcereal599   
    TurboBorland585   
    Teddy477   
     

        Affiliates




  • iExploit


  • iExploit


  • WeChall





  • Thisislegal.com

  •  

        Related Ads
     

    View Thread
         
    Security Override Hacking Challenges Advanced Challenges
    how did i pass level 3
    Register FAQ Members List Today's Posts Search

    Print Thread
    12-25-2013 03:37 AM how did i pass level 3
    luckly, i passed lv3 by doing uploading XXX.jpg (size XXX).
    but other size of YYY.jpg is not uploaded.
    This means file size filter and extension name on server side. right ???
     
    Offline
    12-25-2013 05:32 AM RE: how did i pass level 3
    No. I think you really were just luck. We are talking about Adv 3 right?

    The goal of that challange is to upload a .jpeg file indeed. If you iust have that file on the server there would be no harm. Because a jpeg cannot get executed. However if you have a LFI vulnerabilty you are maybe able to "execute" the "code" inside a jpeg.

    So in the end you do not pass the filtering function but rather trick the system.

    http://www.imperva.com/docs/HII_Remote_and_Local_File_Inclusion_Vulnerabilities.pdf => 5.2 Uploading user content with Embedded PHP code
    Join our IRC channal! irc.evilzone.org #Evilzone #SecurityOverride

    This dude doesn't answer to PM..no matter how special you think you are...sry

    "With great power comes great responsibility"
     
    Offline
    02-05-2014 12:02 PM RE: how did i pass level 3
    Teddy wrote:
    No. I think you really were just luck. We are talking about Adv 3 right?

    The goal of that challange is to upload a .jpeg file indeed. If you iust have that file on the server there would be no harm. Because a jpeg cannot get executed. However if you have a LFI vulnerabilty you are maybe able to "execute" the "code" inside a jpeg.

    So in the end you do not pass the filtering function but rather trick the system.

    http://www.imperva.com/docs/HII_Remote_and_Local_File_Inclusion_Vulnerabilities.pdf => 5.2 Uploading user content with Embedded PHP code



    This is a HUGE HUGE HUGE HUGE HUGE clue, if you cannot pass the challenge after this post, you should give up Pfft
     
    Offline
    05-25-2014 04:35 PM RE: how did i pass level 3
    yES. aMAzing clue. That is all Smile
     
    Offline
    06-11-2014 10:02 PM RE: how did i pass level 3
    good .....
     
    Offline
    Jump to Forum:
    Forum powered by fusionBoard