Extended Basic Level 5

Learn how to do code review

Re: Extended Basic Level 5

Post by cissou on Tue Dec 21, 2010 6:37 am

Well, I'm lost. I just can't see any error or flaw.
Here is how I read the shell:
Line 1: remove the file called OK
Line 2: replace eval in the file exec.php with safeeval in a file called tmp, and then create a file called OK
Line 3: if a file called OK exists, proceed
Line 4: remove exec.php; rename tmp and call it exec.php
Line 5: end if

I don't have any Unix machine and cannot test the shell, but it should be working, right? Aside from some quotes that I'd replace with strongs ('), and the -E command that seems useless, that looks legit.
Maybe the -E is a hint that could lead us to think that there is something ELSE to be fixed in the .php file (and indeed, the PHP script seems very odd. If cmd2 is empty, then eval() it? eval the empty string??!)

Any hint is very welcome


Re: Extended Basic Level 5

Post by lia_hmmy on Thu Dec 30, 2010 3:48 am

cissou wrote:
Well, I'm lost. I just can't see any error or flaw.
Here is how I read the shell:
Line 1: remove the file called OK
Line 2: replace eval in the file exec.php with safeeval in a file called tmp, and then create a file called OK
Line 3: if a file called OK exists, proceed
Line 4: remove exec.php; rename tmp and call it exec.php
Line 5: end if

I don't have any Unix machine and cannot test the shell, but it should be working, right? Aside from some quotes that I'd replace with strongs ('), and the -E command that seems useless, that looks legit.
Maybe the -E is a hint that could lead us to think that there is something ELSE to be fixed in the .php file (and indeed, the PHP script seems very odd. If cmd2 is empty, then eval() it? eval the empty string??!)

Any hint is very welcome


Although I'm not very familiar with scripting, this is exactly what I think the script does, but is it legit??
The Wikipedia link for the sed command posted above helped me find the error. I suggest you also take a look at it and at the syntax of the sed -e command.
Here's the link again:
http://en.wikipedia.org/wiki/Sed
Hope it helps...


Re: Extended Basic Level 5

Post by msbachman on Thu Dec 30, 2010 9:27 am

That eval, safeeval stuff is only one portion of the challenge; it helps to understand what's going on, but don't forget to consider other potential bugs. The bug is simple: all you need to do is understand what the script is meant to do, and it should become obvious. Knowing about sed helps, per lia_hmmy's post.

Maybe an extra nudge could be provided via lia_hmmy or myself if you're still stuck, cissou.


Re: Extended Basic Level 5

Post by gi4c0ph on Wed Feb 02, 2011 6:48 am

I know I will look fussy, but I think there is another error in the logic of the first script: what is the point of evaluating an empty command?

                if (empty($_GET['cmd2']))
                {
                        eval ($_GET['cmd2']);
                }


should be:

                if (empty($_GET['cmd2']))
                {
                        eval ($_GET['cmd']);
                }


Re: Extended Basic Level 5

Post by rsrvctrl on Wed Jul 13, 2011 9:35 am

There's also a really simple way for Sam to make this script somewhat idiot proof, so that it doesn't mess up php files that were fine in the first place: just by adding a leading space to eval and safeeval. At first glance I thought this was the catch; I hadn't read the mission message properly :)
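
rsrvctrl's leading-space suggestion above, as an added shell example that is not part of the thread or the mission's script: it shows why a bare eval pattern damages a file that was already patched when the rewrite is run again, and it goes one step beyond the post with an identifier-boundary pattern. The sample PHP and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotence of an eval -> safeeval rewrite.
# Not the mission's script; sample input and function names are constructed.

# Constructed sample PHP. Line 4 is already patched, line 5 starts with eval.
sample='<?php
 eval($_GET["cmd"]);
if ($x) { eval($a); }
 safeeval($b);
eval($c);
?>'

# Bare pattern: also matches the "eval" inside "safeeval".
patch_naive()   { sed -e 's/eval/safeeval/g'; }

# Leading-space variant from the post: " eval" never occurs inside " safeeval".
patch_spaced()  { sed -e 's/ eval/ safeeval/g'; }

# Generalisation (assumption, not from the thread): match eval only where it
# starts an identifier, so line-initial "eval" and "(eval" are covered too.
patch_guarded() { sed -E 's/(^|[^A-Za-z0-9_])eval/\1safeeval/g'; }

# Apply a patch function twice; count lines that ended up double-prefixed.
damage_after_rerun() {
    printf '%s\n' "$sample" | "$1" | "$1" | grep -c 'safesafeeval' || true
}

# Apply a patch function once; count lines that still call plain eval(.
unpatched_after() {
    printf '%s\n' "$sample" | "$1" | grep -Ec '(^|[^A-Za-z0-9_])eval\(' || true
}

for f in patch_naive patch_spaced patch_guarded; do
    echo "$f: double-prefixed=$(damage_after_rerun "$f") unpatched=$(unpatched_after "$f")"
done
```

The leading-space pattern is safe to re-run but leaves the line-initial call untouched, which is why the post calls it only "somewhat" idiot proof.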


Re: Extended Basic Level 5

Post by occamsrzr on Thu Oct 13, 2011 8:12 pm

Pay attention to the sed string...

