What is it? @.@

Here is the place where I record some tactics about wargame, systems, and other security issues.


Bright Shadows - Exploit 2: "Analyse this I!"



This challenge is about getting around filters, which might make it harder for you to exploit a script.

What url would you use as parameter if there would be a script "exploitit.php" in the "/user/www/challenges/" folder of our Linux webserver and you want to open "/user/www/index.php".

In case "exploitit.php" looks like this:

Or in case"exploitit.php" looks like this:

Answer 1:|______________________________|
Answer 2:|______________________________|Send

  1. This challenge is about Local File Inclusion. In the beginning I encoded the path of '../index.php' into '..%2Findex.php', but the result always told me 'Both answers are wrong!'
  2. Alright, since the first one script only replaces the '../' with nothing, we could input the URL like below and make it into '../index.php'.
    Answer: ..././index.php
  3. The second one will be more easier. Although it double checked the '../' for Local File Inclusion and the '://' for Remote File Inclusion, it opens the file directly without appending any directories. So, we could simply input the URL directly like below to achieve our goal.
    Answer: /user/www/index.php
  4. Well done!