Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Realistic 4


Realistic 4

By SySTeM avatarSySTeM | 17736 Reads |
0     0

Ok this one is kinda hard at first but once you know where you need to be it’s simple.

Part one: Finding directories If you look in the source of the main page you should notice that if you submit your e-mail address it takes you to a file named mail.html, so let’s submit our e-mail (you can type anything) you shoul notice it goes straight to an error page. Now if you have firefox what you can do is in the URL bar enter “view-source:http://the site” with no quotes. Now you should see where it takes you and you should also see a directory called /mi/ go there.

Part two: Logging in, Now when you are in the directory called /mi/ you should see a link to a login page, but instead we want to view the source of the page we’re in. So view it already! Now in the source you should see an admin login, now instead of going there we login as Drake in the members login and view the files in there.

Part three: Trying things, Now we know what files are available in the users page try them in after the admin login page and voila we can view things without admin permissions! Now we need to remove Ghost’s record so look around and see how to get to the records, try using “all.php” found them? Then lets move on.

Part four: Removing Ghost’s record Now if you know the basics of php you will find this kind of easy, so we know where the records are now right? Goooood now we need to remove them so try things on the lines of all.php?(action)=(thing)&&id=(something) and remember we’re trying to remove one record not loads of records. If you manage to remove his record you will get a password, we will need this soon.

Part five: Clearing logs, Now if you’ve already found the log clearing from that’s what you need the password for ;) but if not try and think what it could be if the records were in “all.php?id=records” think logs not reocrds this time. Found it? GOOD! Now we enter the pass and get our points w00t w00t!

Comments
ghost's avatar
ghost 17 years ago

I've tried all possible actions and I've come to the conclusion that the challenge might be down?

ghost's avatar
ghost 17 years ago

thanks ..article helped me till step 3..

ghost's avatar
ghost 16 years ago

Great article without this I probably wouldn't have been able to do it(or it would have taken me aaagggeeess)absolutly amazing!!!:D:)

ghost's avatar
ghost 16 years ago

Awesome article man =)

breakDance's avatar
breakDance 16 years ago

i'm stuck on part 5..anyway..this articel help me a lot..thanx..hehehe..:D

breakDance's avatar
breakDance 16 years ago

finally..i beat this challenge..:happy:

ghost's avatar
ghost 15 years ago

what's the difference of 'page.php?q=25&id=1' and 'page.php?q=25&&id=1' ? :o

ghost's avatar
ghost 15 years ago

what's the difference of 'page.php?q=25&id=1' and 'page.php?q=25&&id=1' ? :o

ghost's avatar
ghost 15 years ago

Finally got that right, but can anyone PM me to answer me the question i've made before this post?

kingasmk's avatar
kingasmk 13 years ago

Great One it helps me so much Thanks but can any one tell me what kind of vulnerability is it??

Hellow533's avatar
Hellow533 12 years ago

Most of you are having problems, instead of ?remove=Ghost&&id=records try ?r******=r*****e&&id=Ghost It really should be all.php?(thing)=(action)&&id=(someone) Get it yet? (Hope there weren't too many spoilers)

nn3nn0's avatar
nn3nn0 12 years ago

Hellow533, too many spoilers jejeje thxs

Lemmink's avatar
Lemmink 11 years ago

"trying to remove one record not loads of records." I should not have spent so much of my time not figuring out this line. !:ninja:

jayesh's avatar
jayesh 3 years ago

i am still stuck at the action part can somebody help:o