What is it? @.@

Here is the place where I record some tactics about wargame, systems, and other security issues.


Hack This Site! - Extbasic 2


Extension blocking

Level 2

You have this function, provide the value which must be POST-ed as filename to obtain the desired results:
Get the source code of hackthissite.org/index.php
here is the function:

        $lvl_text = file_get_contents($_POST['filename'].'.php');

  1. The URL of this level is hxxp://www.hackthissite.org/missions/extbasic/2
  2. The URL of the target page is hxxp://www.hackthissite.org/index.php
  3. Just input ../../index and check.
  4. It's done!