Web Patching 1 to 3
Here’s my article on Web Patching one to three. For these challenges you will need some basic knowledge of PHP.
Web Patching 1 On this challenge you see that the code echoes the variable $_POST['username']. For example, if you typed “floobman mc doodle” in the username box and hit submit it would say “Logged in as floobman mc doodle.” But if you tried injecting some HTML tags into the box, the script doesn’t filter HTML tags, so it will output whatever HTML you put in. You should know the name of this. If you don’t know how to stop HTML tags from being inputted, try googling.
Web Patching 2 Right, you can see that this one has an SQL query, so that should give you an idea of what kind of exploit this is. To patch it, you need to make the script add a slash in front of the apostrophes and quote marks to stop the exploit. Again, if you don’t know the function for this, google.
Web Patching 3 Moving on to the third patching challenge, this script is meant to include whatever file you choose through the variable $page = $_GET['page']. The script also adds “.php” onto the end of the included file, so if you typed something.php?page=something, it would include itself. But using our knowledge of poison null bytes, you could try this: something.php?page=/etc/passwd/%00 to try and view the password file. The way you are supposed to patch this is the opposite of Web Patching 2.
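As an added example that is not part of the original article, here are the three handlers in their patched form in PHP. The function names, the `users` table and the list of allowed pages are assumptions; for the second challenge it shows both the slash-escaping the article asks for and a prepared statement, which is the standard fix outside the challenge.

```php
<?php
// Added defensive example, not code from the original challenges.
// Function names, table names and the page list are assumptions.

// Patching 1: user input echoed straight back into HTML.
// Encoding <, >, quotes and & makes the browser show them as text
// instead of treating them as tags, whatever the user typed.
function patched_login_message(string $username): string {
    return 'Logged in as ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
}

// Patching 2 (as the article describes it): put a backslash in front of
// quotes so they cannot end the string literal in the query.
function patched_query_string(string $username): string {
    $safe = addslashes($username);
    return "SELECT id, username FROM users WHERE username = '$safe'";
}

// Patching 2 (preferred in real code): a prepared statement keeps the
// data separate from the query, so no escaping is needed at all.
function patched_user_lookup(PDO $db, string $username): ?array {
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Patching 3: file inclusion driven by $_GET['page'].
// Rather than trying to strip null bytes or "../", only accept names
// from a fixed list; anything else (including "/etc/passwd/\0") falls
// back to the default page. The list itself is a constructed example.
function patched_page_path(string $page): string {
    $allowed = ['home', 'about', 'contact'];
    if (!in_array($page, $allowed, true)) {
        $page = 'home';
    }
    return __DIR__ . '/pages/' . $page . '.php';
}

// How the original handlers would call these:
// echo patched_login_message($_POST['username'] ?? '');
// include patched_page_path($_GET['page'] ?? 'home');
```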
I hope this article has helped you. I realise it is quite a short article, but I couldn’t think of any way to make it longer.
Mr_Cheese 18 years ago
Yeah, excellent. Gives just the right amount of information away :) This will certainly help a few people who are stuck on it.
ghost 18 years ago
Good articles, concise without being bland or giving too much away.
I just had the exploit types wrong haha.
ghost 16 years ago
Thanks a lot, this is well written and straight to the point without any spoilers. :D
ghost 16 years ago
I like the article, but I have a thought.
For the third one, couldn't the exploit be RFI? I thought that what needed to be done was to filter out '?'
ghost 16 years ago
Good article, no spoilers, and it really just gave an idea of what to google… Google is my friend, but it helps to know what to think of…