Basic 23
I'm getting the notorious "You are on the right track, you just need to think of how you can exploit this vulnerability" message, and I get that I need the you-know-what to execute a command, but I guess I can't actually figure out how to do that without seeing the actual you-know-what. I've tried using several GET variables to enter it, but the you-know-what I downloaded (the only one I can find) uses POST ones. So I have no idea what to do past this point or what it's asking of me.
If I sound like I have no idea what I'm talking about, I freely admit that I'm a complete and utter noob to this stuff. I hope I didn't say anything incriminating or spoilerish.
@guy above^
everything is generally given in the challenge description. did you look up what RFI meant and how it is used?.. if not, I suggest you google it, which is what you should do before you post anything.
and he was refering to starofale when he said "star"…
all I am saying is try to add a little bit of detail to your post to show you have tried to do the research yourself, without giving too many spoilers. that way it doesn't appear that you aren't sure what your meant to do.. what you posted in your second post wasn't a complete spoiler, so if you had added that to your post, it would show you have done a little research.
i didn't mean to appear hostile in my reply.
I pm'd you as well.. check your inbox.
espartaniac wrote: I've tried linking to a sh*** file, for example. no success… I've tried getting into other folders, no success.
I get stucked on that point too. I read about RFI, ws***, so I decided to use c**.t** as the value of p***. I thought that I'll have trouble with the extension, so I tried add n***, q******* m***, and a******** without no luck. :S
Finally I got it … it was much more easier than I expected. =)