Netsparker Vulnerability Scanner
[Advertise With HackThisSite.org]

Hack This Site - Forums Index

Extended basic 6

Learn how to do code review
Post a reply

Extended basic 6

Post by footyfanatic77 on Sun Jun 08, 2008 7:29 pm
([msg=4312]see Extended basic 6[/msg])

I'm having a great deal of trouble with this mission. I understand the idea, but a nudge in the right direction would be great.
Thanks for your help. :D
footyfanatic77
New User
New User
 
Posts: 11
Joined: Mon Apr 21, 2008 7:52 pm
Blog: View Blog (0)

Re: Extended basic 6

Post by Mindzai on Wed Jun 18, 2008 3:06 pm
([msg=5173]see Re: Extended basic 6[/msg])

footyfanatic77 wrote:I'm having a great deal of trouble with this mission. I understand the idea, but a nudge in the right direction would be great.
Thanks for your help. :D


Have a read up on PHP configuration, especially the register_globals setting :)
Mindzai
New User
New User
 
Posts: 7
Joined: Tue Jun 17, 2008 4:06 pm
Blog: View Blog (0)

Re: Extended basic 6

Post by footyfanatic77 on Thu Jun 19, 2008 3:43 pm
([msg=5287]see Re: Extended basic 6[/msg])

thank you so much!
footyfanatic77
New User
New User
 
Posts: 11
Joined: Mon Apr 21, 2008 7:52 pm
Blog: View Blog (0)

Re: Extended basic 6

Post by AbyssV3 on Mon Jun 30, 2008 7:16 pm
([msg=6165]see Re: Extended basic 6[/msg])

Eh, the solution that I eventually got to work, shouldn't work.

In fact I took the code and tested it, and tried the solution, and it didn't work in a real environment.

I got past this, but login should be theoretically always impossible. Unless I'm missing something? If I'm not, this mission is wrong.
AbyssV3
New User
New User
 
Posts: 1
Joined: Mon Jun 30, 2008 7:14 pm
Blog: View Blog (0)

Re: Extended basic 6

Post by Aesmade on Thu Jul 03, 2008 2:46 am
([msg=6424]see Re: Extended basic 6[/msg])

AbyssV3 wrote:Eh, the solution that I eventually got to work, shouldn't work.

In fact I took the code and tested it, and tried the solution, and it didn't work in a real environment.

I got past this, but login should be theoretically always impossible. Unless I'm missing something? If I'm not, this mission is wrong.

"This site in run by a new sysadmin who does not know much about web configuration"
I think the exploit is based on the PHP configuration, or it could be some bug in a previous version of PHP or something. I'm pretty sure I've seen something similar in some other site too, so it should be correct.
Aesmade
New User
New User
 
Posts: 9
Joined: Thu Jun 19, 2008 9:58 am
Blog: View Blog (0)

Re: Extended basic 6

Post by kfealz on Wed Jul 09, 2008 10:54 pm
([msg=7033]see Re: Extended basic 6[/msg])

After the above comment about checking out how "register_globals" is used, I looked at the explanation here: http://us.php.net/register_globals

So it seems that once, this probably would have been a common exploit used, but as of PHP 6.0.0, this feature is disabled by default (which is probably why it didn't work on your test server). So even if the sysadmin didn't know what he/she was doing while configuring the server, it is unlikely that he/she would have messed this up.

Regardless, it is still a good thing to know about as apparently register_globals can be used safely, so it's something to look for.

Really hoping I didn't break the spoiler rule on my first post... :)
kfealz
New User
New User
 
Posts: 4
Joined: Wed Jul 09, 2008 10:45 pm
Blog: View Blog (0)

Re: Extended basic 6

Post by CyberP1708 on Fri Jul 11, 2008 3:42 pm
([msg=7212]see Re: Extended basic 6[/msg])

I have trouble with this one :-/
Not to find the solution (with register_globals, etc.) but to find what to submit for the script to accept it

I don't even know if the answer has to be like: "me.php?var=value&..." or like "var=value&..."
Do you have to add "&user=&pass=" ?

:-/
CyberP1708
New User
New User
 
Posts: 1
Joined: Fri Jul 11, 2008 3:36 pm
Blog: View Blog (0)

Re: Extended basic 6

Post by Qubit on Wed Jul 16, 2008 6:58 pm
([msg=7586]see Re: Extended basic 6[/msg])

kfealz wrote:After the above comment about checking out how "register_globals" is used, I looked at the explanation here: http://us.php.net/register_globals

So it seems that once, this probably would have been a common exploit used, but as of PHP 6.0.0, this feature is disabled by default (which is probably why it didn't work on your test server).
If you read that page again, you'll see that it was disabled by default in 4.2.0 and removed in 6.0.0.
To everyone is given the key to the gates of heaven, but the same key opens the gate of hell.
Qubit
New User
New User
 
Posts: 17
Joined: Tue Jul 15, 2008 8:28 pm
Blog: View Blog (0)

...

Post by Corvus on Mon Jul 21, 2008 3:02 am
([msg=7920]see ...[/msg])

Wow. Case sensitivity, anyone? For some odd reason I kept using the wrong case...
Corvus
New User
New User
 
Posts: 1
Joined: Mon Jul 21, 2008 2:59 am
Blog: View Blog (0)

Re: ...

Post by Qubit on Mon Jul 21, 2008 10:07 pm
([msg=7975]see Re: ...[/msg])

Corvus wrote:Wow. Case sensitivity, anyone? For some odd reason I kept using the wrong case...

Yep, I couldn't do it for days because of case sensitivity. *sigh*
To everyone is given the key to the gates of heaven, but the same key opens the gate of hell.
Qubit
New User
New User
 
Posts: 17
Joined: Tue Jul 15, 2008 8:28 pm
Blog: View Blog (0)
Next
Post a reply

Return to Extended Basics

Who is online

Users browsing this forum: No registered users and 0 guests

Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.
Powered by phpBB © 2000-2009 phpBB Group
Carbon Style By Echo -=Designs By Echo=- © 2007 Echo
Administration Control Panel