Extension blocking
Level 2
You have this function, provide the value which must be POST-ed as filename to obtain the desired results:
Get the source code of hackthissite.org/index.php
here is the function:
<?php
$lvl_text = file_get_contents($_POST['filename'].'.php');
?>
|___________________|check
Solution:
- The URL of this level is hxxp://www.hackthissite.org/missions/extbasic/2
- The URL of the target page is hxxp://www.hackthissite.org/index.php
- Just input ../../index and check.
- It's done!