Page 1 of 13

Please ask questions only in this topic.

PostPosted: Wed Apr 23, 2008 1:01 pm
by -Pein-God-
Easy ....
It's say:
Message: You've probably heard of Yuppers Internet Solutions before. They started in 1997 and are now one of the top websites on the net. I was an intern at Yuppers for a time, but quit when I learned that the admins were selling user data and usage habits to advertisers while saying the opposite. Unfortunately, I couldn't get out of the building with any proof and don't have any high-level access. I do know, however, that much of the coding on their site was done by ameteurs and is probably insecure. Can you hack in and get some proof?

hm.... what "Poison Null Byte" is?
...go to google if you don't know ;)
if you learn what Poison Null Byte is you just need to change "something" to "something" and you get the file-list of the folder ;) ;)

EDITED BY FAITH

Please ask questions only in this topic.
Just to keep the forum neat, and hopefully your post more noticed.
Please help us to keep the forum clean by report trashy posts. :>
You may start a new post if you're making a tutorial. However, if the tutorials are similar, please do not make two.

I wish you best luck with this mission, and hope you enjoy it.

<3 faith.

Re: How to start Realistic 14?

PostPosted: Thu Apr 24, 2008 7:57 am
by sk8linkinhr
yea...you are right ;) ;)

Re: How to start Realistic 14?

PostPosted: Sat Apr 26, 2008 12:32 pm
by _steAlth_
'm stuck please help

-spoiler removed-

Re: How to start Realistic 14?

PostPosted: Sat Apr 26, 2008 2:28 pm
by _steAlth_
Well solved it!!! :D

Re: How to start Realistic 14?

PostPosted: Sun Apr 27, 2008 5:51 pm
by Nines
Is it really necessary to post spoilers?

Re: How to start Realistic 14?

PostPosted: Wed Apr 30, 2008 10:04 pm
by s3klyma
so...
I've found something
And the codes just don't seem to fit.
I'm just starting learning PHP, so I don't know it all, but..
commands like
print, read, and my, I'm not farmiliar with, I figure
they are just like
fopen,
echo,
and just a regular variable.. But I'm not positive.
Please tell me if I'm correct, and if I'm not,
please post links to resources where I could learn
about what I'm making these mistakes


Thanks

Re: How to start Realistic 14?

PostPosted: Sun May 04, 2008 5:00 am
by poseidon
s3klyma, think about the function validkey. You can see it processes the ID you provide, and then compares it in an IF statement. Could you somehow reverse or bruteforce this function... :lol:

Re: How to start Realistic 14?

PostPosted: Thu May 22, 2008 1:25 pm
by shaddow
s3klyma - your code doesn't seem to fit because this is real 14, and that link you provided says "realistic/11/". That might get you one step closer. XD

Poison Null Byte...moving on

PostPosted: Sat May 24, 2008 3:36 am
by jourdie
Hey i learnt what perl's poison NULL byte tweak is...Fairly interesting really and this:
http://insecure.org/news/P55-07.txt
is a very good read.

Ok moving on...I have located our little news.cgi/search.cgi source...and still trying to make terms of it...
Im assuming...that we need access to the admin's mail account...or at least need access to a logged in account so i can access other areas...

Anyway, enough of this...i just really wanted to know whether i'm looking in the right spot..."No Spoilers Plz" and whether this source has clues into achieving a user/password

Thanks in advance

b1nd/jourdie

Re: Poison Null Byte...moving on

PostPosted: Sat May 24, 2008 3:53 am
by jourdie
Oh btw..i found some other scripts on the site, mainly ones that add to my intel on the site...
Is there any1 that would allow me to PM my findings to...? Instead of having to post all spoilers etc...is painful for others who want to learn..

Thanks in advance

b1nd/jourdie