Калькулятор (Calculator Eval)

hackerlab

Task: PHP calculator with eval() and WAF protection. Solution: Bypassed WAF using backticks for RCE and file_get_contents() to read source code containing the flag.

waf_bypass rce php source_code_disclosure eval_injection backticks file_get_contents command_execution

PHP eval() injectionWAF bypass via backticks and file_get_contentsSource code disclosure for flag extraction

$ ls tags/ techniques/

waf_bypass rce php source_code_disclosure eval_injection backticks file_get_contents command_execution

PHP eval() injectionWAF bypass via backticks and file_get_contentsSource code disclosure for flag extraction

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Calculator— hackerlab
[misc][Pro]Калькулятор— hackerlab
[misc][Pro]Неуязвимый калькулятор (Invulnerable Calculator)— hackerlab
[web][Pro]Обходной путь (Obhodnoy Put)— hackerlab
[web][Pro]Секрет (Secret)— hackerlab