Realistic 17

So.. I'm pretty sure by now that in this mission, after you put the filename in challenges/real17/?file= that they add, or delete something. This is because when you put links.html, it's the same as quotes.html.

And if you go to /real17/s. or /real17/es. you can see the text

echo "

at the top of the page, and in the source. When you look at the links in the source, they are done as if they were made to be implemented in PHP.

I'm really stuck on this challenge, ive tried guessing loads of files and have gotten things I cant do but nothing that I can do. Will anyone point me in the right direction?

for all I can say is from the excl. memeber forum is that it is some advanced php exploit, and the string you enter in the page variable is long as hell and it's got really difficult syntax, when doing reseach on it,haven't came across anything useful so far

moshbat wrote: It's not long as hell, or even that difficult. You need to know quite a lot about php.

and that's the problem, I know only very basics, so I see it slighly differently :D maybe a little hint to what to google for …?(except for php tutorials :D )

Obviously not then. Nobody on this forum is willing to give a single hint on this challenge, how are we supposed to beat it? Become experts at php? Cant seriously be a prerequisite to finishing the challenge.

i had a friend of mine look at this challenge and he did some wierd stuff and told me at the end it has to do with some SQL.

now i don't know how accurate this is. but my friend is pretty good at this stuff

This is probably one of the easiest challenges on hbh if you know what you are doing. It took me a total of 15 min to get the syntax right. Go google php streams and bingo, you have found what you need.

does it involve any LDAP or Xpath injections. or can i pm you with some things i have in mind.

Anyone I can PM with what I've got on this? I've found at least two things I could exploit and tried them on my own site, but can't get any results on the challenge :/

Possible Spoiler

Read up about PHP Wrappers.

=]

cueballr

P.S:Edit if its too much of a spoiler(A)

That's exactly what the exploits are what I found :D

I think i know what to do.. just can't get it all right..

Can i pm someone with what i have..

Sure, you can pm me. :)

• — 2. Exploit — <?php $file=""; # FILENAME error_log("<? echo \"cx\"; ?>", 3, "php://../../".$file); ?>

thats what i keep coming up with when i google php streams and wrappers. i like to think i am ok when it comes to patching but i have no idea how this is exploitable here.

heres where i got it

http://securityreason.com/achievement_securityalert/41

Ok , reading on on php steams /wrappers. I feel like I know what to do, but I need help on how to do it. Can I pm someone what I have?

Edit: Solved it, never mind.