Ext 12

Learn how to do code review

Re: Ext 12

Post by haha01haha01 on Wed May 20, 2009 6:50 am
([msg=23990]see Re: Ext 12[/msg])

I find this mission very confusing. Basically, to solve it, you have to pretend you dont know what $userpass is assigned.
There are 11 types of people in the world - those who understand binary, those who don't and those who already heard this joke.
User avatar
haha01haha01
Poster
Poster
 
Posts: 133
Joined: Tue Jan 13, 2009 10:08 am
Location: HackThisSite.org
Blog: View Blog (0)


Re: Ext 12

Post by Mortecai4 on Tue Jun 02, 2009 10:16 am
([msg=24760]see Re: Ext 12[/msg])

What does a variable with 2 $ in front of it mean?
$$key
Mortecai4
New User
New User
 
Posts: 44
Joined: Wed Apr 23, 2008 2:14 pm
Blog: View Blog (0)


Re: Ext 12

Post by eljonto on Tue Jun 02, 2009 10:57 pm
([msg=24788]see Re: Ext 12[/msg])

Mortecai4 wrote:What does a variable with 2 $ in front of it mean?
$$key


Do you know what people who don't code in php did when they saw that in the mission? They went to google, you should give it a go.
-Quis custodiet ipsos custodes?, Juvenal
_________________________________________________________________
User avatar
eljonto
Poster
Poster
 
Posts: 373
Joined: Thu Apr 17, 2008 1:16 am
Location: Australia
Blog: View Blog (0)


Re: Ext 12

Post by xen on Thu Jun 18, 2009 1:13 pm
([msg=25548]see Re: Ext 12[/msg])

YAY! i finally did it...
ok people:

READ EVERY POST in this thread from the start up until now, have another go at it after you read each post!!!!!!

it tells you to use "moo.com/anything=something" to declare the info to input

reading thru this thread mentions you need to declare more than one, which you should know how to do from years of internet browsing and looking at your address bar.

the script is very basic, there are only so many variables in it which narrows it down ALOT...

if you try something and think it should work but it doesn't (like i did), try it the other way round

after reading thru this thread if you haven't already got it by the time you get to this post,,, you should have it now!!
xen
New User
New User
 
Posts: 14
Joined: Sun Nov 23, 2008 5:33 am
Blog: View Blog (0)


ExtBasic 12

Post by pSub on Sat Nov 28, 2009 8:05 am
([msg=30823]see ExtBasic 12[/msg])

Is there any special way to submit the solution? Because after a few attempts I tested the script on my webserver, and there I am able to exploit the script.

I tried the following:
moo.com?<the answer>
moo.com/index.php?<the answer>
http://moo.com/index.php? <the answer>

But nothing works.
pSub
New User
New User
 
Posts: 1
Joined: Sat Nov 28, 2009 7:57 am
Blog: View Blog (0)


Re: Ext 12

Post by st0w on Tue Jun 29, 2010 7:54 pm
([msg=41040]see Re: Ext 12[/msg])

I have to concur with something that's already been said. If these are supposed to be realistic, then the answer that's expected isn't accurate. With the scenario as presented, the expected answer is extraneous.

Think redundancy.
st0w
New User
New User
 
Posts: 3
Joined: Sat Jun 19, 2010 7:04 pm
Blog: View Blog (0)


Re: Ext 12

Post by shill on Tue Sep 21, 2010 3:35 pm
([msg=46258]see Re: Ext 12[/msg])

Remember, you have to exploit it, not match the pass that's given to you. Pretend you don't know that password.
shill
New User
New User
 
Posts: 10
Joined: Mon Jan 11, 2010 2:50 pm
Blog: View Blog (0)


Re: Ext 12

Post by dhldhldhl on Sun Jan 02, 2011 12:17 pm
([msg=51545]see Re: Ext 12[/msg])

Hey there, I've gotten the answer and it's pretty easy actually. The problem remains though, that I don't get where I have to put the answer. Is it possible that moo.com has been bought by another company? Because there's an entire website overthere so where should I put my answer?

Any help would be grateful. :-)

--edit
got it :D
dhldhldhl
New User
New User
 
Posts: 1
Joined: Thu Oct 09, 2008 10:27 am
Blog: View Blog (0)


Re: Ext 12

Post by lezazA on Sat Jan 15, 2011 3:33 pm
([msg=52216]see Re: Ext 12[/msg])

This challenge was very confusing. If the script were really like that there would be no need to set an extra variable... anyway, even with the confusing text, solving it was trivial.
lezazA
New User
New User
 
Posts: 2
Joined: Sat Jan 15, 2011 3:20 pm
Blog: View Blog (0)


Re: Ext 12

Post by CovertMagic on Sat Mar 01, 2014 6:11 am
([msg=79699]see Re: Ext 12[/msg])

Remember, you have to exploit it, not match the pass that's given to you. Pretend you don't know that password.


Dang, that's the clue.

Perhaps, if we're not supposed to know the password, a good idea might be to not tell us it?
e.g. omitting
Code: Select all
$password = 'IWantToCow';
from the question.

I think I missed the point in so many spectacular ways on this one.

Anybody else actually send HTTP requests to the real [url]moo.com[/url]?
CovertMagic
New User
New User
 
Posts: 8
Joined: Fri Feb 21, 2014 6:23 pm
Blog: View Blog (0)


PreviousNext

Return to Extended Basics

Who is online

Users browsing this forum: No registered users and 0 guests

cron