Заметки (Notes)

hackerlab

Task: Cloud notes storage with source code provided. Solution: Path Traversal via base64-encoded cookie manipulation - username cookie decoded without path validation allows escaping notes directory to read flag file.

lfi path_traversal file_read php base64 directory_traversal cookie_manipulation

Path Traversal via cookie manipulationBase64 encoding bypassSource code analysis

$ ls tags/ techniques/

lfi path_traversal file_read php base64 directory_traversal cookie_manipulation

Path Traversal via cookie manipulationBase64 encoding bypassSource code analysis

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]76 - Надежное хранилище (Reliable Storage)— duckerz
[web][Pro]Та самая заметка (That Same Note)— hackerlab
[web][Pro]Portfolio (Red Portfolio)— hackerlab
[web][Pro]B64Decoder— hackerlab
[web][Pro]Соленый огурец (Salty Pickle)— hackerlab