
hackburger.ee Warmup write up

2017. 8. 14. 19:50


great wargame

You can see this when you visit the site. We can guess that it uses the system() function.

Using the system() function, it sends a ping to the target host.

But, as used here, the system() function is vulnerable to command injection.

If you input ;id, you see the same result as when you type it in a bash shell.

Like this. 

By doing this, we know there is a command injection vulnerability.

- You can see the index.php source by requesting view-source:http://burger.laboratorium.ee:8000/?host=%3B+cat+index.php
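As an added example (not code from the write-up or from the hackburger.ee challenge, whose index.php is not reproduced on this page), here is the defensive side of the same bug in Python rather than PHP: a strict allowlist check for the host parameter, a ping invocation that passes the host as one argv element with no shell, and a small scanner that runs the same check over web server access log lines to flag injection attempts. The log lines, the HOST_RE pattern and the function names are constructed for this example.

```python
import re
import subprocess
from urllib.parse import parse_qs, urlsplit

# Allowlist for a ping target: dotted hostname labels or a dotted IPv4 address.
# Constructed for this example; no shell metacharacter can match it.
HOST_RE = re.compile(
    r"^(?:(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"|(?:\d{1,3}\.){3}\d{1,3})$"
)


def is_valid_host(host: str) -> bool:
    """True only for a plain hostname or IPv4 literal (no spaces, ';', '|', '$'...)."""
    return 0 < len(host) <= 253 and HOST_RE.fullmatch(host) is not None


def vulnerable_command(host: str) -> str:
    """The unsafe pattern the write-up exploits: raw input concatenated into a
    shell string. Returned, never executed, so the test can show what the shell
    would see for an input such as '; id'."""
    return "ping -c 1 " + host


def safe_ping_argv(host: str) -> list:
    """Validate first, then build an argv list. With no shell involved, ';' or
    '|' in the parameter can only ever be part of a (rejected) hostname."""
    if not is_valid_host(host):
        raise ValueError("rejected host parameter")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> str:
    """Execute the validated command without a shell (shell=False is the default)."""
    result = subprocess.run(safe_ping_argv(host), capture_output=True, text=True, timeout=10)
    return result.stdout


# Constructed access log lines in common log format; the second and third
# requests mirror the ;id and ;cat index.php probes described in the write-up.
ACCESS_LOG = """\
10.0.0.5 - - [14/Aug/2017:19:50:01 +0900] "GET /?host=8.8.8.8 HTTP/1.1" 200 512
10.0.0.7 - - [14/Aug/2017:19:50:09 +0900] "GET /?host=%3B+id HTTP/1.1" 200 640
10.0.0.7 - - [14/Aug/2017:19:50:21 +0900] "GET /?host=%3B+cat+index.php HTTP/1.1" 200 2048
10.0.0.9 - - [14/Aug/2017:19:51:02 +0900] "GET /?host=example.com HTTP/1.1" 200 530
"""

REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/\d\.\d"')


def flag_injection_attempts(log_text: str) -> list:
    """Return (client_ip, decoded_host_value) for every request whose host
    parameter fails the allowlist; the same check the application should apply."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        client_ip, target = m.groups()
        query = urlsplit(target).query
        for host in parse_qs(query, keep_blank_values=True).get("host", []):
            if not is_valid_host(host):
                hits.append((client_ip, host))
    return hits


if __name__ == "__main__":
    for ip, value in flag_injection_attempts(ACCESS_LOG):
        print(f"{ip} sent rejected host parameter: {value!r}")
```

The allowlist is deliberately stricter than "strip semicolons": rejecting everything that is not a hostname or IPv4 literal means new metacharacters or encodings never need to be enumerated, and the argv form removes the shell entirely so the question of quoting does not arise.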

You can list the files in the web directory by typing ; ls

Note the 'flag.php' file.

Great. The flag is f1b35744925a3f5946c542a1ee64267af8b93b06
