In the second mission, the objective was to get the source code of a site, using their script, which will post the file contents of whatever you input into the box. Okay, well, so if we put a filename in the box, it would only show something that is in current working directory. In the sample, it wanted something that was _not_ in the current directory. Here is the function:
$blarghonkhonk = file_get_contents($_POST['filename'].'.php');
(again variables and such changed as to not 'steal' from the source site)
Ok. So, as I pointed out earlier, the function will only grab a file _in_ the current directory that the script was located in. So, the file we want, is 2 levels above it. Here's where knowing how to navigate through a filesystem comes in handy :P So, two levels that would be ../../ Okay, and we wanted the index.php so the answer would be:
../../index
Voila Completed! In about 2 seconds (or however long it takes to read the objective)
The first time I read it, it sounded a lot more complicated than it actually was. I was thinking you would have to use RFI or Remote File Inclusion. Which you would have to input thesitenamethatshalnotbenamed.x/index.php So, there's some extra reading for those who care to learn a bit about RFI's :D
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment