Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?

Re: Please ask questions ONLY in this topic.

Post by thePhatPhriar on Fri Jan 13, 2012 7:39 pm

I have a pretty off-topic query. And this may seem a little confusing, but I can't write out the URL explicitly without giving away spoilers.

So once you get to the web page where you can read poetry, if you add a simple forward slash to the end of the URL, the page becomes almost entirely white. For example http://www.example.com/example.php is normal, but http://www.example.com/example.php/ becomes weird.

I'm not a pro with HTML, but I didn't see anything in the code that would cause something like that to happen, so I'm wondering if someone could explain what is going on...?


Re: Please ask questions ONLY in this topic.

Post by DegreesKelvin on Sat Jan 14, 2012 2:49 am

thePhatPhriar wrote:I have a pretty off-topic query. And this may seem a little confusing, but I can't write out the URL explicitly without giving away spoilers.

So once you get to the web page where you can read poetry, if you add a simple forward slash to the end of the URL, the page becomes almost entirely white. For example http://www.example.com/example.php is normal, but http://www.example.com/example.php/ becomes weird.

I'm not a pro with HTML, but I didn't see anything in the code that would cause something like that to happen, so I'm wondering if someone could explain what is going on...?

When you place a / at the end, your browser will request "http://www.example.com/example.php/index.php" because it will think it's a folder and find the default index page. If not found, it will give a 404 page.
[14:33:02] <FlutterBurp> Dear princess celestia, i finally found out what Alt + F4 Does, i lost a important document thanks to you. Yours pissed off Twilight sparkle.


Re: Please ask questions ONLY in this topic.

Post by conscience on Sat Jan 14, 2012 11:25 am

DegreesKelvin wrote:
thePhatPhriar wrote:I have a pretty off-topic query. And this may seem a little confusing, but I can't write out the URL explicitly without giving away spoilers.

So once you get to the web page where you can read poetry, if you add a simple forward slash to the end of the URL, the page becomes almost entirely white. For example http://www.example.com/example.php is normal, but http://www.example.com/example.php/ becomes weird.

I'm not a pro with HTML, but I didn't see anything in the code that would cause something like that to happen, so I'm wondering if someone could explain what is going on...?

When you place a / at the end, your browser will request "http://www.example.com/example.php/index.php" because it will think it's a folder and find the default index page. If not found, it will give a 404 page.


Actually, the web server will, as the browser is not concerned with the internals of the server side. In a good number of cases, the above does indeed happen (done entirely by the server, of course). In reality, however, the URL you send to the server is just a string ID for any kind of resource and is not necessarily mapped 1-to-1 to the underlying filesystem. The server checks whether the given URL is mapped to a resource it knows and returns that resource to you (overly simplified explanation). Besides that, the server can be configured to serve some informal pages in several circumstances; 404 or 403 for example.
These informal pages can be custom, e.g. a blank page. Won't get into FORWARD vs. REDIRECT for now :)
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
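
One mechanism that produces the symptom asked about above, as an added example that is not part of any post in this thread. It assumes a server that hands extra path segments after a script name to that script as PATH_INFO, and a page that links its stylesheet with a relative URL; `mapRequest`, `traceAssets`, `style.css` and the resource sets are constructed for illustration.

```javascript
// Added illustration, not code from the thread. All names and files are constructed.
const SCRIPTS = new Set(["/example.php"]);   // dynamic resources the server knows
const STATIC = new Set(["/style.css"]);      // static resources the server knows

// Server side: the URL path is only an identifier that the server maps to a
// resource. Assumption: extra segments after a script name are handed to that
// script as PATH_INFO instead of being treated as a directory lookup.
function mapRequest(path) {
  if (STATIC.has(path)) return { status: 200, kind: "static", resource: path, pathInfo: "" };
  let prefix = "";
  for (const segment of path.split("/").slice(1)) {
    prefix += "/" + segment;
    if (SCRIPTS.has(prefix)) {
      return { status: 200, kind: "script", resource: prefix, pathInfo: path.slice(prefix.length) };
    }
  }
  return { status: 404, kind: "none", resource: null, pathInfo: "" };
}

// Browser side: relative references are resolved against the page URL, so a
// trailing slash changes the "directory" they are resolved in.
function traceAssets(pageUrl, refs) {
  return refs.map((ref) => {
    const requested = new URL(ref, pageUrl).pathname;
    const served = mapRequest(requested);
    return { ref, requested, kind: served.kind, status: served.status };
  });
}

const page = "http://www.example.com/example.php";
const refs = ["style.css", "/style.css"];     // one relative, one root-relative link
console.log(mapRequest("/example.php/"));     // same script, pathInfo "/"
console.log(traceAssets(page, refs));         // both links reach the stylesheet
console.log(traceAssets(page + "/", refs));   // the relative link now hits the script
```

Under these assumptions the browser asks for `/example.php/style.css`, gets the script's HTML back where it expected CSS, and renders the page unstyled.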


Re: Please ask questions ONLY in this topic.

Post by nighthawk47 on Fri Jan 20, 2012 3:51 am

Wow, so much easier than I thought it was.

I do have a question though, I tried a few other things, and I was wondering why they would not work (highlight to show):
HTS RULES!!!

Thanks!!!


Re: Please ask questions ONLY in this topic.

Post by conscience on Fri Jan 20, 2012 2:51 pm

nighthawk47 wrote:Wow, so much easier than I thought it was.

I do have a question though, I tried a few other things, and I was wondering why they would not work (highlight to show):
*...kinda spoilish stuff...*

Thanks!!!



This mission is not even close to SSI
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.


Re: Please ask questions ONLY in this topic.

Post by cyberdrain on Mon Jan 23, 2012 6:48 am

nighthawk47 wrote:Wow, so much easier than I thought it was.

I do have a question though, I tried a few other things, and I was wondering why they would not work (highlight to show):
HTS Rules!!!

Thanks!!!


If you think about it, you should come up with the answer yourself. Anyway, the site is just not vulnerable to this kind of attack. Nothing you save on the site will be run or displayed, so the server side includes you provided will not do anything. If you save them as a name, the script will just think it's the name of your poem and will (probably) internally report it can't create the file named Potential Spoiler Content. But as it is not a real site, the script probably doesn't even save it and just gives you the message you're done when you did the right thing.

By the way, if you're just doing what you're told and don't try to think WHY you do it the way you do, you'll never be a good hacker. It's not about learning tricks, it's about finding them. Otherwise you'll just be a skiddie ripping off the work of others.
Free your mind / Think clearly


Re: Please ask questions ONLY in this topic.

Post by limdis on Mon Jan 23, 2012 9:12 am

cyberdrain wrote:By the way, if you're just doing what you're told and don't try to think WHY you do it the way you do, you'll never be a good hacker. It's not about learning tricks, it's about finding them. Otherwise you'll just be a skiddie ripping off the work of others.


+1
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."


Re: Please ask questions ONLY in this topic.

Post by conscience on Mon Jan 23, 2012 3:38 pm

cyberdrain wrote:
nighthawk47 wrote:Wow, so much easier than I thought it was.

I do have a question though, I tried a few other things, and I was wondering why they would not work (highlight to show):
***

Thanks!!!


If you think about it, you should come up with the answer yourself. Anyway, the site is just not vulnerable to this kind of attack...


I'd suggest to edit your post before it earns you a massive warning.
cyberdrain wrote:Nothing you save on the site will be run or displayed

The poem you enter gets displayed for that matter.
The fact that SSI won't work either is because it's for static content and also due to the scenario itself. For dynamic stuff, the server itself won't process, and the scripting engine is not aware of SSI (being pointless).
Your explanation is quite right, but you also give away the solution with it.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.


Re: Please ask questions ONLY in this topic.

Post by cyberdrain on Wed Jan 25, 2012 12:38 pm

conscience wrote:I'd suggest to edit your post before it earns you a massive warning.

Sorry! When you answered the first message by nighthawk47 and it wasn't changed, I expected that if I quoted the thing it wouldn't matter. I hate spoilers myself, just didn't think that that was one (not being the correct way and all). Anyway, thank you for correcting it.
conscience wrote:The poem you enter gets displayed for that matter.

When I did it, I couldn't get it to display my poem after submitting, but that could just be me.
Free your mind / Think clearly


Re: Please ask questions ONLY in this topic.

Post by conscience on Wed Jan 25, 2012 3:17 pm

cyberdrain wrote:When I did it, I couldn't get it to display my poem after submitting, but that could just be me.


Sorry dude, I was goddamn tired. I forgot that your poems get into a temporary storage (for those who did not finish yet: guess where and how :twisted: )
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.

