webPromedium

Обходной путь (Obhodnoy Put)

hackerlab

Task: PHP web app with code input field executing via eval(). Solution: Bypassed function blacklist (system, exec blocked) using file functions (scandir, readfile) to enumerate directories and read hidden .secret file containing the flag.

file_read php filter_bypass file_get_contents eval code_injection function_blacklist scandir readfile rce_alternative

PHP eval() code injectionFunction blacklist bypass using file functionsDirectory enumeration with scandir()Arbitrary file read with readfile()

$ ls tags/ techniques/

file_read php filter_bypass file_get_contents eval code_injection function_blacklist scandir readfile rce_alternative

PHP eval() code injectionFunction blacklist bypass using file functionsDirectory enumeration with scandir()Arbitrary file read with readfile()

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ cat writeup.md…

Sign in to access full writeups

Sign in to access full writeups

Similar writeups