webPromedium
Секрет (Secret)
hackerlab
Task: Web application with hidden functionality. Solution: Fuzz POST parameters to discover hidden cmd parameter, exploit command injection via system() to read flag from source code.
$ ls tags/ techniques/
POST parameter fuzzingCommand Injection via system()PHP source code analysis
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Sign in with GitHub to continue. No email required.
$sign in$ grep --similar
Similar writeups
- [web][Pro]Прятки (Hide and Seek)— hackerlab
- [misc][Pro]Исходный код (Source Code)— hackerlab
- [web][Pro]B64Decoder— hackerlab
- [web][Pro]Обходной путь (Obhodnoy Put)— hackerlab
- [web][Pro]Нулевой заказ (Null Order)— hackerlab