Please ask questions ONLY in this topic.

[rjstark]

-----------I HOPE THIS ISN'T A SPOILER-------------
IF SPOILER
MESSAGE.EDIT() && AUTHOR.APOLOGIZE()
END IF
-----------I HOPE THIS ISN'T A SPOILER-------------

I'm stuck too. I think that I'll use either (1) r**dp**m.php and SQL injection or (2) sub***p**m*.php and SSI injection...

(1) r**dp**m.php and SQL injection
===============================
No matter what I submit, it always just says "Your poem was successfully added. Thank you for your contributions"

(2) sub***p**m*.php and SSI injection
===============================
No matter what I submit, it always just says "That isn't allowed weirdo"

Is that right?

[keanu1031]

I'm stuck too. I think that I'll use either (1) r**dp**m.php and SQL injection or (2) sub***p**m*.php and SSI injection...

(1) r**dp**m.php and SQL injection
===============================
No matter what I submit, it always just says "Your poem was successfully added. Thank you for your contributions"

(2) sub***p**m*.php and SSI injection
===============================
No matter what I submit, it always just says "That isn't allowed weirdo"

Is that right?

You don't need SQL injections or SSI for it. Think of how it loads the poem - file.php?name=The Idiot
She said that they are saved, but aren't listed until approved. Combine that with what Jheshka about dir trans.

If these are too close to spoilers, send me a PM so I'll know to be more vague in the future.

[Nocteria]

I am defnitly doing something wrong.. I have found the old site.. all of its pages (i think)..

but whatever I try to do it doesnt seem to work..

I know where to do input ... but i dont get the directory transversal since everything seems to be in the same directory.

EDIT: nevermind i idid it.. i was forgeting the ../

[blackprince491]

i spent longer than 2 days doin most of the realistic missions

[blackprince491]

lol forget the smallest thing and it could be hours of annoyance and pain

[nezus]

I'm still on the hacked page ... and i had readed the source again and again but there isn't any clues, inputs or URL ...
I really dont know how to find an exploitable file ... i'm still thinking, but a hint'll be sure welcome :p

[edit] : Must we use the text input from basic 8 to execute shell cmds ?

[edit]2 : i hadn't read enought the source -_-'

[rejelx]

I managed to replace the old page. But how can I find the name of the attacker and send it to PeacePoetry?

[coltlacrosse]

I read about what directory transversal is used for but I don't understand how one would go about applying it. Will someone please list a helpful site or post an example of using directory transversal?

[coltlacrosse]

So i'm guessing you've found the old page right?
Well first of all you need to find out how the system works , trying making a page, what is the file named as?
*hint* You have to overwrite the homepage using directory transversal.

Do you mean actually make a webpage? Wouldent the file be named whatever you save it as?

[Damascus2k8]

Wikipedia: http://en.wikipedia.org/wiki/Directory_traversal

In windows/dos command-line type > dir /ad
In UNIX/Linux command-line type ? ls -al

The top two entries in the directory listing would be something like (dos)
06/06/2008 19:54 <DIR> . <-- Means Current Directory
06/06/2008 19:54 <DIR> .. <-- Means Previous Directory

so typing 'cd ..' will take you back one directory. Thats what it basically means, but using it on the web it is effectively a way of changing the path a page uses to locate a particular file, for example:

A web page looks for its products list in, say a file that is chosen based on user input and stored in a variable (eg. $filename), and then it looks for that file in /files/lists/products -

Code: Select all

$filename = $_POST['list'];
$file = "/files/lists/products/" . $filename;
.....

By using the directory traversal technique we would pass something like "../../something" as $filename, which would make $file look like this:
$file = "/files/lists/products/../../something"
which basically equals to $file being directed to /files/something because the ".." parts say 'go back a directory'.

Its pretty easy once you get the hang of it. Sorry if that doesn't seem very clear but i tried!
There is a pretty good description at the wikipedia link at the top of this post.

Hope that helps.