WEB 300 (https://ctf.rc3.club:3100/)
P/s: Sorry if my English is bad.
- - This challenge is very cute (Because I love dog
so much :) ).
- -When I see this web I think it’ s about
injection. So I change the value and view source.
- -You can see the value cat(the web’s
about dog but use cat :( )=> It’s about cmd injetion.
- -I use “|” and ls but it’s not right.Sad 5
minutes
- - But I don’t give up I try hard to find the vulnerability.
- -I test the value ‘bork=TheBorkFiles.txt
bork[a..s]’
- - “Borks is a dictionary” oh => It will check
the value in [] I think so.
-It’s time for code :)
- - And wa bla I got the code of website
- - The flag’ s in bork.txt . it’s not to use ../
but I don’t believe it so I change ‘$data’ in my code.
- - And it’s return flag for me after many hours try
hard :v (but I get flag when the game is end :v)
0 nhận xét :
Đăng nhận xét