Extended Basic 7

Learn how to do code review

Re: Extended Basic 7

Post by travmanx on Mon Feb 02, 2009 5:25 pm
([msg=17280]see Re: Extended Basic 7[/msg])

Eth3real wrote:If that's true, I'm not sure what the bug is, just the vuln. They are on the same line, right?
Thanks!


Correct. The bug is the easiest part to figure out, once you know that you know what line your going to use.
travmanx
New User
New User
 
Posts: 18
Joined: Tue Jan 20, 2009 10:53 am
Blog: View Blog (0)


Re: Extended Basic 7

Post by BjornR on Tue Feb 03, 2009 2:06 pm
([msg=17322]see Re: Extended Basic 7[/msg])

The only thing $_SERVER['PHP_SELF'] will return is a relative URL to the path of the requested file.
How should one be able to exploit that?
I've read numerous educational PHP books, none sanitize that variable so i don't believe <?=$_SERVER['PHP_SELF']?> is the vulnerability.
I've added urlencode() and tried htmlentities() with ENT_QUOTES as 2nd argument.

There isn't more code to exploit on that line.
I don't hack people, my computer does.
User avatar
BjornR
New User
New User
 
Posts: 4
Joined: Tue Feb 03, 2009 10:52 am
Location: Zomergem, oo-VL, BE
Blog: View Blog (0)


Re: Extended Basic 7

Post by Defience on Wed Feb 04, 2009 10:18 am
([msg=17376]see Re: Extended Basic 7[/msg])

mutants_r_us_guild wrote:
travmanx wrote:I keep trying html**t*t**s to prevent against XSS. Can someone point me in the direction as to what to do next. Is this the only line that is bugged/vuln? Only other thing I can think of is to use addslashes() to prevent mysql injections. :(

Oh yeah I already changed the "way it handles the form".





close.. but its not html**t*t**s ... try something with a similar name but a tad different ;) Also.. no need to change the "way it handles the form". Just sanitize.


^^ says it all
User avatar
Defience
Addict
Addict
 
Posts: 1275
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Extended Basic 7

Post by Eth3real on Tue Feb 10, 2009 1:47 pm
([msg=17619]see Re: Extended Basic 7[/msg])

Do you submit the whole line, or just the piece of code that needs to be fixed?
Eth3real
New User
New User
 
Posts: 3
Joined: Mon Jan 12, 2009 7:45 pm
Blog: View Blog (0)


Re: Extended Basic 7

Post by Defience on Wed Feb 11, 2009 7:17 pm
([msg=17707]see Re: Extended Basic 7[/msg])

Eth3real wrote:Do you submit the whole line, or just the piece of code that needs to be fixed?


If you know which line it is, try it more than one way and I'm sure you'll get it ;)
User avatar
Defience
Addict
Addict
 
Posts: 1275
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Extended Basic 7

Post by yourmysin on Mon Mar 09, 2009 8:30 pm
([msg=19704]see Re: Extended Basic 7[/msg])

For anyone who's curious, it appears that this challenge is currently down.

I will edit this when it comes back up.
A+, Network+, MCTS(70-620), Security+, CCNA
yourmysin
Experienced User
Experienced User
 
Posts: 84
Joined: Mon Apr 21, 2008 9:02 pm
Location: Newport, Maine, USA
Blog: View Blog (0)


Re: Extended Basic 7

Post by dj_kat on Sun Mar 15, 2009 7:13 am
([msg=19987]see Re: Extended Basic 7[/msg])

yuri20071 wrote:side note: you should only submit 1 line of code

Defience wrote:
Eth3real wrote:Do you submit the whole line, or just the piece of code that needs to be fixed?


If you know which line it is, try it more than one way and I'm sure you'll get it ;)

Ok these tips make it more confusing rather than easier. To make this script work you need the edit more then one line. So how can you "know" which line to fix when you need to edit more then one line? That makes no sense. Are you suppose to post the whole thing or just one line?

edit: nvm I get it
dj_kat
New User
New User
 
Posts: 11
Joined: Sun Aug 10, 2008 12:53 pm
Blog: View Blog (0)


Re: Extended Basic 7

Post by Defience on Wed Mar 18, 2009 9:59 am
([msg=20136]see Re: Extended Basic 7[/msg])

dj_kat wrote:
yuri20071 wrote:side note: you should only submit 1 line of code

Defience wrote:
Eth3real wrote:Do you submit the whole line, or just the piece of code that needs to be fixed?


If you know which line it is, try it more than one way and I'm sure you'll get it ;)

Ok these tips make it more confusing rather than easier. To make this script work you need the edit more then one line. So how can you "know" which line to fix when you need to edit more then one line? That makes no sense. Are you suppose to post the whole thing or just one line?

edit: nvm I get it


Glad you got it. For others, it's one line.
User avatar
Defience
Addict
Addict
 
Posts: 1275
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Extended Basic 7

Post by haha01haha01 on Sat May 16, 2009 8:57 am
([msg=23815]see Re: Extended Basic 7[/msg])

I just finished this mission but i dont understand how did i do it :|
anyone care to explain why [Edited:removed] can cause an xss exploit? isnt it just... echoing the running script's name? :roll:
There are 11 types of people in the world - those who understand binary, those who don't and those who already heard this joke.
User avatar
haha01haha01
Poster
Poster
 
Posts: 133
Joined: Tue Jan 13, 2009 10:08 am
Location: HackThisSite.org
Blog: View Blog (0)


Re: Extended Basic 7

Post by Defience on Wed May 20, 2009 8:54 am
([msg=23999]see Re: Extended Basic 7[/msg])

haha01haha01 wrote:I just finished this mission but i dont understand how did i do it :|
anyone care to explain why [Edited:removed] can cause an xss exploit? isnt it just... echoing the running script's name? :roll:


You would think that but there is more to it...hard to say too much with out spoiling it for others.
The element in question can be altered by a user to include any kind of malicious XSS code they desire. If you google your question you will find sites explaining it and why it's vulnerable.
User avatar
Defience
Addict
Addict
 
Posts: 1275
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


PreviousNext

Return to Extended Basics

Who is online

Users browsing this forum: No registered users and 0 guests