NULL ISSUE

Saif el Sherei [ssherei]
11 years ago

0

NULL byte parsing is not working !! its not parsing did the challenge change or something

lopocachino
11 years ago

0

There is a way around it… Null parsing works if the site hasn’t compensated for it, but if they have, research a bit more and you’ll get it.

Some mornings it’s not worth chewing through the straps.

Saif el Sherei [ssherei]
11 years ago

0

thanks

lopocachino
11 years ago

0

No problem.. let me know when you get it solved.

Good luck, have fun ^^

Some mornings it’s not worth chewing through the straps.

Saif el Sherei [ssherei]
11 years ago

0

thanks again got it :D

pns
11 years ago | edited 11 years ago

0

I try www.hackthis.co.uk/levels/real/level6/index.php?p=[removed]

but: [removed] on line 22

Edit: your post was so close to the answer, that I had to edit it

daMage
11 years ago

0

You’re missing just a couple small things…

daMage

prisonbreak
11 years ago

0

Please use alternative of null byte.

n01Tekos
11 years ago

0

what’s php.html i haven’t just .php

Warning: file_get_contents(admin.php.html) [function.file-get-contents]: failed to open stream: No such file or directory in pages on line 22

daMage
11 years ago

0

@n01Tekos:
That’s part of the challenge…

daMage

n01Tekos
11 years ago | edited 11 years ago

0

Pff hardly no good

<?php
$contents = file_get_contents($file)?
?>

or
<?php $contents = file_get_contents($file)?
ob_start();
include($file);
$contents = file-get-contents();
?>

or

blablabla/?p=[removed]

idem DOES NOT WORK

AIE!! AIE!! AIE!!
Edit: no spoilers please

daMage
11 years ago | edited 11 years ago

0

What doesn’t work? The vulnerability we are discussing here isn’t always exploitable; it depends on the server configuration.

And maybe you are missing the point here. Re-read the error message and see what you are missing…

daMage

Idletester [idletester]
11 years ago

0

The error messages will give you the way to find the page
source you are looking for and the directory you need to be in.

IDLETESTER

Idletester [idletester]
11 years ago

0

Oh and the so-called poison null byte works fine for this level.

IDLETESTER

J [ColdIV]
11 years ago

0

Don’t post spoiler.. that’s way too close to the solution.

AHSR
11 years ago

0

sr i don’t know :D . Btw , is it require something to finish ?

AHSR
11 years ago | edited 11 years ago

0

i don’t know why [removed] part doesn’t work == event with [removed too]
Edit: removed spoilers

J [ColdIV]
11 years ago

0

I’d check the null byte you used there. And please edit your post not to spoil the fun.

nopcron
11 years ago

0

Can I PM someone regarding my syntax. Even though I am completely sure I am doing it right, I keep getting the “No such file or directory in pages on line 22 ” error.

J [ColdIV]
11 years ago

0

You can send it to me, I’ll try to help you then.

daMage
11 years ago

0

@nopcron:
I think you are missing just 1 little thing, 2 at max…

daMage

nopcron
11 years ago

0

I wasn’t missing anything and it should have worked smoothly.
I suppose this challenge is simulated, that being the reason why my way of doing it wasn’t working.

Anonanonamous
10 years ago

0

I’ve used null byte injections before, so I’m not sure why I am having so much trouble with this one. I’ve been able to LFI the admin.php, but not to get the source code of it. Normally, I would just do something like page=../admin/index.php%00, but doing that here will obviously fail since there isn’t an admin directory. Like I said, I can LFI admin.php by setting p equal to ../admin.php%00, but it won’t get the source code for me.

Thanks,
Anonanonamous

Anonanonamous
10 years ago

0

Figures, literally as soon as I post this I figure it out

Reply has been removed

🐉 [Cheerfulbull]
3 years ago | edited 3 years ago

0

Something strange happens to the php code when you do the pretty background thingy

Roses are red,
Violets are blue,
AES(level) is bad
And I might be too

medusa00
3 years ago | reply to #3297

0

can u help me?

Reply has been removed

🐉 [Cheerfulbull]
3 years ago | reply to #81055

0

what do you need help WITH?

Roses are red,
Violets are blue,
AES(level) is bad
And I might be too

Princess slag

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0