Dashboard Articles Playground Discussions More
Follow

NULL ISSUE

Princess slag

Saif el Sherei [ssherei]
11 years ago

0

NULL byte parsing is not working !! its not parsing did the challenge change or something

26replies
14voices
712views
lopocachino
11 years ago

0

There is a way around it… Null parsing works if the site hasn’t compensated for it, but if they have, research a bit more and you’ll get it.

 

Some mornings it’s not worth chewing through the straps.

Saif el Sherei [ssherei]
11 years ago

0

thanks

lopocachino
11 years ago

0

No problem.. let me know when you get it solved.

Good luck, have fun ^^

 

Some mornings it’s not worth chewing through the straps.

Saif el Sherei [ssherei]
11 years ago

0

thanks again got it :D

pns
11 years ago | edited 11 years ago

0

I try www.hackthis.co.uk/levels/real/level6/index.php?p=[removed]

but: [removed] on line 22

Edit: your post was so close to the answer, that I had to edit it

daMage
11 years ago

0

You’re missing just a couple small things…

 
  • daMage
prisonbreak
11 years ago

0

Please use alternative of null byte.

n01Tekos
11 years ago

0

what’s php.html i haven’t just .php

Warning: file_get_contents(admin.php.html) [function.file-get-contents]: failed to open stream: No such file or directory in pages on line 22

daMage
11 years ago

0

@n01Tekos:
That’s part of the challenge…

 
  • daMage
n01Tekos
11 years ago | edited 11 years ago

0

Pff hardly no good

<?php
$contents = file_get_contents($file)?
?>

or
<?php $contents = file_get_contents($file)?
ob_start();
include($file);
$contents = file-get-contents();
?>

or

blablabla/?p=[removed]

idem DOES NOT WORK

AIE!! AIE!! AIE!!
Edit: no spoilers please

daMage
11 years ago | edited 11 years ago

0

What doesn’t work? The vulnerability we are discussing here isn’t always exploitable; it depends on the server configuration.

And maybe you are missing the point here. Re-read the error message and see what you are missing…

 
  • daMage
Idletester [idletester]
11 years ago

0

The error messages will give you the way to find the page
source you are looking for and the directory you need to be in.

 

IDLETESTER

Idletester [idletester]
11 years ago

0

Oh and the so-called poison null byte works fine for this level.

 

IDLETESTER

J [ColdIV]
11 years ago

0

Don’t post spoiler.. that’s way too close to the solution.

 

Image

AHSR
11 years ago

0

sr i don’t know :D . Btw , is it require something to finish ?

AHSR
11 years ago | edited 11 years ago

0

i don’t know why [removed] part doesn’t work == event with [removed too]
Edit: removed spoilers

J [ColdIV]
11 years ago

0

I’d check the null byte you used there. And please edit your post not to spoil the fun.

 

Image

nopcron
11 years ago

0

Can I PM someone regarding my syntax. Even though I am completely sure I am doing it right, I keep getting the “No such file or directory in pages on line 22 ” error.

J [ColdIV]
11 years ago

0

You can send it to me, I’ll try to help you then.

 

Image

daMage
11 years ago

0

@nopcron:
I think you are missing just 1 little thing, 2 at max…

 
  • daMage
nopcron
11 years ago

0

I wasn’t missing anything and it should have worked smoothly.
I suppose this challenge is simulated, that being the reason why my way of doing it wasn’t working.

Anonanonamous
11 years ago

0

I’ve used null byte injections before, so I’m not sure why I am having so much trouble with this one. I’ve been able to LFI the admin.php, but not to get the source code of it. Normally, I would just do something like page=../admin/index.php%00, but doing that here will obviously fail since there isn’t an admin directory. Like I said, I can LFI admin.php by setting p equal to ../admin.php%00, but it won’t get the source code for me.

Thanks,
Anonanonamous

Anonanonamous
11 years ago

0

Figures, literally as soon as I post this I figure it out

Reply has been removed
🐉 [Cheerfulbull]
4 years ago | edited 4 years ago

0

Something strange happens to the php code when you do the pretty background thingy

 

Roses are red,
Violets are blue,
AES(level) is bad
And I might be too

medusa00
4 years ago | reply to #3297

0

can u help me?

Reply has been removed
🐉 [Cheerfulbull]
4 years ago | reply to #81055

0

what do you need help WITH?

 

Roses are red,
Violets are blue,
AES(level) is bad
And I might be too

You must be logged in to reply to this discussion. Login
1 of 27

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss