ExtBasic 10

Post by silverlining on Fri Jun 27, 2008 2:03 pm

I'm probably the only one who got stuck on this mission, but could I get some hints please? I tried using the exec(''); command and some other commands but I'm getting nowhere.


Re: ExtBasic 10

Post by PatTheGamer on Fri Jun 27, 2008 3:47 pm

I am also having issues with this mission. I've tried a few PHP functions, like exec, and exec_shell. But nothing is seeming to work. I have a feeling though the solution has something to do with using eval to our advantages, I'm just unsure how to make it do what I want it to do, and no silverlining you are not the only one that is stuck. :D


Re: ExtBasic 10

Post by sharpskater69 on Fri Jun 27, 2008 6:19 pm

PatTheGamer wrote: I am also having issues with this mission. I've tried a few PHP functions, like exec, and exec_shell. But nothing is seeming to work. I have a feeling though the solution has something to do with using eval to our advantages, I'm just unsure how to make it do what I want it to do, and no silverlining you are not the only one that is stuck. :D


Exactly what I've tried. I also tried system() since it's basically the same as exec(), no luck. I know what eval does, but don't have much experience with it. It's setting $getit to $y. It looks like $y is what you type in the box. $getit is "htsf", there I'm stuck. Don't know how that relates to shells or this challenge.


Re: ExtBasic 10

Post by PatTheGamer on Sat Jun 28, 2008 2:28 pm

Yeah, I googled htsf and I didn't find anything related to shells or programming. I think the challenge is to get the exec() to execute after the htsf is executed but I have no idea how to go about doing that.


Re: ExtBasic 10

Post by I-MrKnox-I on Sat Jun 28, 2008 2:47 pm

I, too, am stuck on this... I would really appreciate a hint on how the input should be submitted. Are we supposed to set arg as a PHP variable ($_GET[arg]=...) or as a GET argument (?arg=...) or how are we supposed to submit this??

It would really help me focus on the argument instead of trying different syntaxes xD


Re: ExtBasic 10

Post by _cypher_ on Sun Jun 29, 2008 3:06 am

It's more about showing the folders index.
(jumping to that location...)


Re: ExtBasic 10

Post by Aesmade on Thu Jul 03, 2008 2:34 am

I-MrKnox-I wrote: I, too, am stuck on this... I would really appreciate a hint on how the input should be submitted. Are we supposed to set arg as a PHP variable ($_GET[arg]=...) or as a GET argument (?arg=...) or how are we supposed to submit this??

It would really help me focus on the argument instead of trying different syntaxes xD

Well, the submit button has to be there for a reason =P I haven't completed it, but just like all the other extbasics, I suppose that the $_GET['arg'] is what you submit.

_cypher_ wrote: It's more about showing the folders index.
(jumping to that location...)

I don't understand what you mean by that...
And since eval("\$getit = \$y;"); is eval'd to $getit = $y; and the rest of the script is just assigning variables, I don't see how it could be exploited...


Re: ExtBasic 10

Post by int3grate on Mon Jul 07, 2008 12:52 am

I've looked at it for a while, and I don't see any way possible to exploit it. Has anyone actually been able to complete this mission?


Re: ExtBasic 10

Post by JeFahFah on Mon Jul 07, 2008 3:01 pm

First $getit is set to an initial value;
Then $y is set to $_GET['arg']
Then eval evaluates a string as PHP code... so eval("\$getit = \$y;") is the same as $getit = $y;

So the vulnerability is at $y = $_GET['arg']... I just don't know the code to get it working :(
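The eval() behaviour that Aesmade and JeFahFah describe above, shown as an added example that is not part of the thread and is not the mission's code. The function names and the sample input are constructed for illustration; only the `eval("\$getit = \$y;")` line and the initial value "htsf" come from the posts.

```php
<?php
// Constructed stand-in for $_GET['arg']; sample data only.
$input = '1; $flag = "changed"';

// Form quoted in the thread: both dollar signs are escaped, so eval()
// receives the literal text `$getit = $y;`. The input is copied as data
// and is never parsed as PHP source.
function escaped_form(string $y): array {
    $getit = 'htsf';
    $flag  = 'untouched';
    eval("\$getit = \$y;");
    return [$getit, $flag];
}

// Contrasting form (an assumption for comparison, not from the thread):
// $y is interpolated into the string before eval() runs, so the input
// text becomes part of the code being evaluated in this scope.
function interpolated_form(string $y): array {
    $getit = 'htsf';
    $flag  = 'untouched';
    eval("\$getit = $y;");
    return [$getit, $flag];
}

// Hardened form: a plain assignment needs no eval() at all.
function plain_assignment(string $y): array {
    $getit = 'htsf';
    $flag  = 'untouched';
    $getit = $y;
    return [$getit, $flag];
}

// escaped_form:      $getit holds the whole input string, $flag stays 'untouched'
// interpolated_form: $getit becomes 1 and $flag is overwritten with 'changed'
// plain_assignment:  same result as escaped_form, without eval()
foreach (['escaped_form', 'interpolated_form', 'plain_assignment'] as $fn) {
    echo $fn, ': ', var_export($fn($input), true), PHP_EOL;
}
```

When reviewing code like this, the thing to check is whether user-controlled text can reach the string passed to eval() unescaped; where the call is only an assignment, replacing it with the assignment removes the question entirely.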


Re: ExtBasic 10

Post by JeFahFah on Mon Jul 07, 2008 3:03 pm

And I don't find the explanation of the problem enough... am I looking for the PHP code, a URI or what???