Help folks.

Bad threads go here

Help folks.

Post by VeseliTigar on Thu Jul 22, 2010 4:00 pm
([msg=42443]see Help folks.[/msg])

Hy i am new to the hackthissite.org. I am having one problem, so i would realy appreciate help.
Okay i am trying to find bug on one site. www.dernek.ba .
So i find out that they have script otvori(eng: open)=filename.php. They use include function to open file you enter in open.
I tried to get include my file from my server. But if i type "/" slash they block it. I tried inputing html special chars code
for the slash but that doesn't give any result too. So i would realy appreciate help. They too add extension .php on the end
of anything you type in open.

If you wana try here's url : http://dernek.ba/?otvori=input your code here.

Thanx.
VeseliTigar
New User
New User
 
Posts: 8
Joined: Thu Jul 22, 2010 3:53 pm
Blog: View Blog (0)


Re: Help folks.

Post by Skiddie Killer on Thu Jul 22, 2010 4:23 pm
([msg=42446]see Re: Help folks.[/msg])

HTS doesn't support illegal activities.
Pozdrav! :D
User avatar
Skiddie Killer
New User
New User
 
Posts: 46
Joined: Sat May 22, 2010 6:46 am
Blog: View Blog (0)


Re: Help folks.

Post by Bren2010 on Thu Jul 22, 2010 5:15 pm
([msg=42447]see Re: Help folks.[/msg])

You're kidding! That's so freaking easy it's funny. But alas, HTS does not support illegal activities. :(
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: Help folks.

Post by sanddbox on Thu Jul 22, 2010 5:20 pm
([msg=42448]see Re: Help folks.[/msg])

Actually, they don't add .php at the end, as you can tell from here.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2337
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Help folks.

Post by Bren2010 on Thu Jul 22, 2010 5:21 pm
([msg=42449]see Re: Help folks.[/msg])

Actually they do, as you can see from here. It's an .htaccess trick I used to use all the time.
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: Help folks.

Post by sanddbox on Thu Jul 22, 2010 5:35 pm
([msg=42451]see Re: Help folks.[/msg])

You're right. My bad xD

@OP: I really shouldn't help you, but you might as well know not to bother with null byte injection as they're only using PHP.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2337
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Help folks.

Post by Bren2010 on Thu Jul 22, 2010 5:39 pm
([msg=42453]see Re: Help folks.[/msg])

I already tried it. It doesn't work. I have no effing idea why though. :evil:
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: Help folks.

Post by insomaniacal on Thu Jul 22, 2010 8:20 pm
([msg=42487]see Re: Help folks.[/msg])

Regardless, I need to lock this, it's a clear violation of the rules. No warn this time, but please read the rules before posting.

Thanks.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)



Return to Graveyard

Who is online

Users browsing this forum: No registered users and 0 guests