
Extended basic 6

Posted: Sun Jun 08, 2008 7:29 pm
by footyfanatic77
I'm having a great deal of trouble with this mission. I understand the idea, but a nudge in the right direction would be great.
Thanks for your help. :D

Re: Extended basic 6

Posted: Wed Jun 18, 2008 3:06 pm
by Mindzai
footyfanatic77 wrote: I'm having a great deal of trouble with this mission. I understand the idea, but a nudge in the right direction would be great.
Thanks for your help. :D


Have a read up on PHP configuration, especially the register_globals setting :)

Re: Extended basic 6

Posted: Thu Jun 19, 2008 3:43 pm
by footyfanatic77
Thank you so much!

Re: Extended basic 6

Posted: Mon Jun 30, 2008 7:16 pm
by AbyssV3
Eh, the solution that I eventually got to work, shouldn't work.

In fact I took the code and tested it, and tried the solution, and it didn't work in a real environment.

I got past this, but login should be theoretically always impossible. Unless I'm missing something? If I'm not, this mission is wrong.

Re: Extended basic 6

Posted: Thu Jul 03, 2008 2:46 am
by Aesmade
AbyssV3 wrote: Eh, the solution that I eventually got to work, shouldn't work.

In fact I took the code and tested it, and tried the solution, and it didn't work in a real environment.

I got past this, but login should be theoretically always impossible. Unless I'm missing something? If I'm not, this mission is wrong.

"This site is run by a new sysadmin who does not know much about web configuration"
I think the exploit is based on the PHP configuration, or it could be some bug in a previous version of PHP or something. I'm pretty sure I've seen something similar in some other site too, so it should be correct.

Re: Extended basic 6

Posted: Wed Jul 09, 2008 10:54 pm
by kfealz
After the above comment about checking out how "register_globals" is used, I looked at the explanation here: http://us.php.net/register_globals

So it seems that once, this probably would have been a common exploit used, but as of PHP 6.0.0, this feature is disabled by default (which is probably why it didn't work on your test server). So even if the sysadmin didn't know what he/she was doing while configuring the server, it is unlikely that he/she would have messed this up.

Regardless, it is still a good thing to know about as apparently register_globals can be used safely, so it's something to look for.

Really hoping I didn't break the spoiler rule on my first post... :)

Re: Extended basic 6

Posted: Fri Jul 11, 2008 3:42 pm
by CyberP1708
I have trouble with this one :-/
Not to find the solution (with register_globals, etc.) but to find what to submit for the script to accept it

I don't even know if the answer has to be like: "me.php?var=value&..." or like "var=value&..."
Do you have to add "&user=&pass=" ?

:-/

Re: Extended basic 6

Posted: Wed Jul 16, 2008 6:58 pm
by Qubit
kfealz wrote: After the above comment about checking out how "register_globals" is used, I looked at the explanation here: http://us.php.net/register_globals

So it seems that once, this probably would have been a common exploit used, but as of PHP 6.0.0, this feature is disabled by default (which is probably why it didn't work on your test server).
If you read that page again, you'll see that it was disabled by default in 4.2.0 and removed in 6.0.0.
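
Added example (not part of the thread and not the mission's code): a small audit that works out whether register_globals is effectively on for a server, given its PHP version and config text. It assumes the 4.2.0 default change mentioned in the post above, that the directive was ultimately removed in PHP 5.4.0, and a mod_php setup where `.htaccess` `php_flag` lines override php.ini; the function names and sample config are constructed for illustration.

```python
import re

# Values php.ini treats as boolean true; mod_php's php_flag accepts only On or 1.
INI_TRUE = {"1", "on", "true", "yes"}
FLAG_TRUE = {"1", "on"}


def version_tuple(version):
    """'5.2.6-1ubuntu4' -> (5, 2, 6); ignores any distro suffix."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:3])


def effective_register_globals(php_version, php_ini="", htaccess=""):
    """Return (enabled, source) for register_globals on this server."""
    ver = version_tuple(php_version)
    if ver >= (5, 4, 0):
        # The directive no longer exists; config lines cannot re-enable it.
        return False, "removed in PHP 5.4.0"

    # Built-in default: On before 4.2.0, Off from 4.2.0 onward.
    enabled, source = ver < (4, 2, 0), "built-in default"

    # php.ini: directive names are case sensitive, ';' starts a comment,
    # and the last assignment in the file wins.
    for line in php_ini.splitlines():
        line = line.split(";", 1)[0].strip()
        m = re.match(r'register_globals\s*=\s*"?(\w*)"?$', line)
        if m:
            enabled, source = m.group(1).lower() in INI_TRUE, "php.ini"

    # .htaccess: register_globals is a per-directory setting, so a
    # php_flag line here overrides php.ini for that directory.
    for line in htaccess.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(?i:php_flag)\s+register_globals\s+(\w+)$", line)
        if m:
            enabled, source = m.group(1).lower() in FLAG_TRUE, ".htaccess"

    return enabled, source


if __name__ == "__main__":
    # Constructed sample: a commented-out line plus a live override.
    sample_ini = "; register_globals = Off\nregister_globals = On ; legacy app\n"
    for ver in ("4.1.2", "5.2.6", "5.4.0"):
        print(ver, effective_register_globals(ver, php_ini=sample_ini))
```

Where the result is enabled, the fix is `register_globals = Off` in php.ini and code that reads request input only from `$_GET`, `$_POST` and `$_COOKIE` and initialises every variable before use.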

...

Posted: Mon Jul 21, 2008 3:02 am
by Corvus
Wow. Case sensitivity, anyone? For some odd reason I kept using the wrong case...

Re: ...

Posted: Mon Jul 21, 2008 10:07 pm
by Qubit
Corvus wrote: Wow. Case sensitivity, anyone? For some odd reason I kept using the wrong case...

Yep, I couldn't do it for days because of case sensitivity. *sigh*