Web - Server

dimanche 8 janvier 2017, 06:55  #1
Web - Server - PHP Assert()
Dr3dD
Dr3dD
  • 2 posts

hello guys,
I have spent numerous hours trying to figure this one out, and I am struggling knowing if I am in the right direction or not.
Here is what I have tried so far :
 use a double encoded characters instead of "."
 put a null byte at the end of .passwd so it does try to access the right file
 inject my own code in the PHP assertion to try to read the file

I would appreciate if someone could give me a hint or let me know if i have the right ideas at all.

Thank you in advance,

samedi 14 janvier 2017, 18:39  #2
Web - Server - PHP Assert()
Testeur_de_stylos
Testeur_de_stylos
  • 10 posts

Sorry if I’m too late !
You should retry your third solution ;)

mardi 14 février 2017, 13:25  #3
Web - Server - PHP Assert()
xNULL
xNULL
  • 11 posts

I was able to display phpinfo() do I need it or is pure EVILNESS the right track ?

mardi 14 février 2017, 14:50  #4
Web - Server - PHP Assert()
ssiwko
ssiwko
  • 12 posts

Hi,
there’s no need for phpinfo.

focus on.... the title :)

mardi 14 février 2017, 16:22  #5
Web - Server - PHP Assert()
xNULL
xNULL
  • 11 posts

So being evil is the right track ?

mercredi 15 février 2017, 10:29  #6
Web - Server - PHP Assert()
ssiwko
ssiwko
  • 12 posts

what do you mean by "being evil" ?

mercredi 15 février 2017, 19:20  #7
Web - Server - PHP Assert()
xNULL
xNULL
  • 11 posts

At first I thought it’s in a directory like "/includes/evilness"
Then I have read the title -> read the doc -> tried it with co-hosted website file inclusion.
Base restriction -.-

mercredi 15 février 2017, 20:56  #8
Web - Server - PHP Assert()
xNULL
xNULL
  • 11 posts

I did it. It was much easier than I thought.
LOOOL

Nouvelle réponse Nouvelle réponse   Nouveau sujet Nouveau sujet