Extbasic 2

Learn how to do code review

Re: Extbasic 2

Post by edilVin on Sun Jun 14, 2009 12:15 am

The answer is obvious if you read something like this: http://forums.htmlhelp.com/lofiversion/ ... t2922.html Please, if this is a spoiler, remove my post.


"Let's be realistic and do the impossible" Ernesto Che Guevara


Re: Extbasic 2

Post by flava on Tue Jul 21, 2009 11:36 am

Is it asking for the information that should be replacing filename in $_POST['filename'] or the info that should be method='post'-ed?
Viking at heart.


Re: Extbasic 2

Post by Hecates_avatar on Sat Dec 26, 2009 10:14 am

nvm, my bad.


Re: Extbasic 2

Post by msbachman on Tue Dec 29, 2009 3:56 pm

Jeez,

I finally got this one after reading pretty much everything I could find on $_POST and file_get_contents on w3schools and php.net.

Confused as hell as to WHY it worked though. I won't spoil it for others, but isn't it true that the answer (i.e. the source code for hack...site.org/index.php) would be stored in the variable $lvl_text? Or maybe I misconstrued how to go about solving this one, I guess the one hint I could give is not to think that what you enter is supposed to cat the whole thing out to your screen or whatever.

In short, then, I was wondering from someone more knowledgeable of PHP than I am as to whether or not the whole "source code" is going to be stored in "$lvl_text", the variable.
"I'm going to get into your sister. I'm going to get my hands on your daughter."
~Gatito


Re: Extbasic 2

Post by h4ck3rz on Fri Jan 08, 2010 3:51 am

mike741 wrote:think of where you're starting... where is the form you're sending this info to... in relation to where you are trying to get?

I hope that's enough without being a spoiler... I really disapprove of this question as it is labeled blocking extensions but that's not the tricky part....

yeah, thanks for this.

but I wonder, why doesn't the normal hackthissite.org/index work? It should work too. Also, the index.php is located at the r*** of hackthissite.org, so a simple s***h should do it too, right? But why doesn't it work..?


Re: Extbasic 2

Post by eljonto on Fri Jan 08, 2010 6:48 am

h4ck3rz wrote:
mike741 wrote:think of where you're starting... where is the form you're sending this info to... in relation to where you are trying to get?

I hope that's enough without being a spoiler... I really disapprove of this question as it is labeled blocking extensions but that's not the tricky part....

yeah, thanks for this.

but I wonder, why doesn't the normal hackthissite.org/index work? It should work too. Also, the index.php is located at the r*** of hackthissite.org, so a simple s***h should do it too, right? But why doesn't it work..?


Imagine the script is executed from the extbasic page, so any filename you enter will be opened from that current directory. That's where you are; where do you need to be? Think directory traversal.
-Quis custodiet ipsos custodes?, Juvenal


Re: Extbasic 2

Post by AngelicPain93 on Mon Feb 22, 2010 3:42 pm

I am totally confused, I thought that it's impossible to obtain the source of PHP files like you would do with HTML.

EDIT: done the mission, and thinking a bit more made me understand that the function is launched by the website so it serves the source to me ^^


Re: Extbasic 2

Post by faazshift on Mon Feb 22, 2010 3:52 pm

AngelicPain93 wrote:I am totally confused, I thought that it's impossible to obtain the source of PHP files like you would do with HTML.

You aren't trying to access the code directly. Your goal is to get a vulnerable script to give you the code. A vulnerable script would have access to the code. Trying directly with your browser, you wouldn't have access, except to the generated HTML. So, this just plays on that vulnerability.
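The pattern this thread circles around, a script handing a posted filename to file_get_contents, shown beside a hardened version. This is an added example, not the mission's code and not written by any poster; the function names, the directory layout and the .txt restriction are assumptions made for illustration.

```php
<?php
// Added example. All names and paths below are constructed for the demo.

// Vulnerable pattern: the request value goes straight into file_get_contents(),
// so the script hands back any file the PHP process can read, source included.
function read_level_text_unsafe($baseDir, $filename)
{
    return @file_get_contents($baseDir . '/' . $filename);
}

// Hardened form: canonicalise both paths, then require the target to sit under the base.
function read_level_text_safe($baseDir, $filename)
{
    $base   = realpath($baseDir);
    $target = realpath($baseDir . '/' . $filename); // resolves ".." and symlinks; false if missing
    if ($base === false || $target === false) {
        return false;
    }
    // The trailing separator stops "/levels-old" from passing as "/levels".
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }
    // Assumption: level texts are plain .txt files, so allow only those.
    if (!is_file($target) || pathinfo($target, PATHINFO_EXTENSION) !== 'txt') {
        return false;
    }
    return file_get_contents($target);
}

// Constructed layout: <tmp>/site/index.php (source) and <tmp>/site/levels/intro.txt
$root = sys_get_temp_dir() . '/extbasic_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/site/levels', 0700, true);
file_put_contents($root . '/site/index.php', '<?php $secret = "constructed";');
file_put_contents($root . '/site/levels/intro.txt', "Welcome to the level.\n");

$levels = $root . '/site/levels';
foreach (['intro.txt', '../index.php'] as $input) { // stands in for $_POST['filename']
    $unsafe = read_level_text_unsafe($levels, $input);
    $safe   = read_level_text_safe($levels, $input);
    printf("%-14s unsafe=%-5s safe=%s\n", $input,
        $unsafe === false ? 'none' : 'read',
        $safe === false ? 'rejected' : 'read');
}
```

The unsafe function returns the PHP source as plain text because file_get_contents reads the file rather than executing it, which is the point faazshift makes above; the safe one rejects the second input after realpath shows it resolves outside the levels directory.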


Re: Extbasic 2

Post by Primux on Thu Mar 18, 2010 10:15 pm

For some reason I had thought that part of the address of the page was different directories, that was throwing me off. Got it though. 8-)

Hint if you're lost, look where you are and look where the file is you want to get.

EDIT: After posting this of course I see that someone else (can't see who because I clicked edit before I looked at your name) already gave this hint like 3 posts ago. :-p


Re: Extbasic 2

Post by UNL2009 on Fri Mar 19, 2010 3:11 pm

Wow. Took me 4 tries (2 of which because I spelled the file wrong...lol). It's not that hard really... As the other people said, think of file/directory traversing...

