Patchin 3

ghost

0 0

17 years ago

Someone has to start this thread….

So, I see system_meltdown said in his article that the solution is the opposite of the previous challenge…which leads me to believe Im right in using asl***()

can anyone shed some light on how to tell which method of patching this will be accepted for the challenge? also, is pnb the exploit type they are looking for?

Mr_Cheese

0 1

17 years ago

think about it.

look at the code and you'll notice its including php files. Then read willeh's article and you'll get the idea :)

ghost

0 0

17 years ago

Thats the thing, I thought I had it no problem…..

$page = asl***($_GET['page']);

that's not a spoiler is it?

didnt work, so I proceded to read too many articles…now I know many ways of doing this, and have confused myself.

Mr_Cheese

0 1

17 years ago

how is adding slashes to the file name going to stop anything?

well.. i cant figure this one out to.. 1 and 2 were pretty easy .. plus tthe articles.. so i tried [edit by The_Flash] what was used in the previous patching challenges [/edit].. none works .. in an article it said.. the oposite of the solution on web patching 2. ive google it but it still doesnt work.. any help would be great. :|

Mr_Cheese

0 1

17 years ago

read the code, then work out what it is actually doing!

once you know what its doing, you'll see easily how you could exploit it. and thne you'll know how to patch it :)

ghost

0 0

17 years ago

i have same problem… i tried lot's of things like stripslashes, addslashes, strip_tags, htmlspecialchars, htmlentites, rawurlencode, rawurldecode etc… and i am SURE some of them are able to patch this. I tried to made webpage with same code as is in this challenge and more than one of words up correctly patched it. So what is that solution!? :whoa:

ghost

0 0

17 years ago

Well for this challenge i know what kind of thing must be put and it's not addslashes (that's for SQL Injection BTW) ! If someone wish to help me ill pm you with what i got …