Bloody_Angel
8 years ago | edited 8 years ago

0

Hi, I am currently stuck at the injection.
So what I have done:

–removed
The problem is the character limit, so –removed
–removed
After submitting these messages, I get two instead of one message on the “Contact”-page.
So, I looked at the site-source and see that –removed will not “removed word” with –removed , although the syntax is not wrong.

My question is, why does this happen and what do I do wrong?
Usually, the ‘+’ operator has a higher priority than the ‘=’ operator.

dloser
8 years ago

0

You post is way too big of a spoiler. Please remove.

Also, your syntax is wrong. You can’t use that operator there at all. (Amongst other things.)

Bloody_Angel
8 years ago | edited 8 years ago

0

Is there a another method to concatenate these “pieces”?

–removed

Reply has been removed

? [bolofecal]
8 years ago

0

@Bloody_Angel has a bit of post in your spoiler.

?

Bloody_Angel
8 years ago

0

@bolofecal: Which one do you mean, the first or second one?
I removed the code part of my first post, so there is just the post left, but I don’t know whether it is too big of a spoiler.

dloser
8 years ago

0

Yeah… both posts are still spoilers.

And just keep trying. There are plenty of ways to get this to work.

Bloody_Angel
8 years ago

0

Finally!! I got the injection and the data that I wanted to get:

Now I get the message “Session has expired”

? [bolofecal]
8 years ago

0

Congrats to find the method, but think in this:

The target site is run by security “experts” so they will be more suspicious than most. If they notice anything suspicious they are more likely to act.

?

Mr. Cyph3r [MrCyph3r]
8 years ago

0

Well, in my opinion your post is still a big spoiler… I would remove something more since it ruins the challenge for people looking only for an hint.

Telling the method to use is not a nice thing to do imho.

Bloody_Angel
8 years ago | edited 8 years ago

0

@MrCyph3r: Ok, I removed a part. Is it still a too big spoiler?

Mr. Cyph3r [MrCyph3r]
8 years ago

0

Much, much better man :)
Now it looks more like an hint, since you give an indication about what needs to be done but you don’t spoil the method to obtain it !

Well done man, well done.

dloser
8 years ago

0

Still spoilers if you ask me. First post spoils general idea, second post gives exact method.

Mr. Cyph3r [MrCyph3r]
8 years ago | edited 8 years ago

0

Yeah, agree… but anyway I feel that now it is much better than when I saw it the first time… I was like “hey wtf”

Bloody_Angel
8 years ago | edited 8 years ago

0

So, I think that I know why the user detects the “suspicious activity”.
The problem is still the..

..char-limit. I know an another method to inject my code, but it will not work with that limit.
Is there a method to break (disabling) the limit instead of bypassing it?

? [bolofecal]
8 years ago

0

Maybe the script uses something like this:

echo substr('abcdef', 0, 3); //abcd

Maybe you can find some method to bypass it or try another method.

?

Bloody_Angel
8 years ago

0

Now I tried different things, still getting “user logged out”. There is a filter that detects a specific string in the message. I think I know what string triggers the user logout, but I don’t know an another way.

Bloody_Angel
8 years ago

0

Level solved!! Thank you everybody for your help!

Reply has been removed

? [bolofecal]
8 years ago

0

Congrats.Post content is too short

?

Mr. Cyph3r [MrCyph3r]
8 years ago

0

Congratulations @Bloody_Angel !!

Stuck at the injection

SecureUs

0

0

0

0

?

0

0

0

0

?

0

0

0

0

0

0

0

?

0

0

0

?

0