Length exploit?

SecureUs

gudgip
10 years ago

0

Hi,

So I have successfully exploited a vuln. Now I wanna use it, of course.. but there is one problem.. my website name is too long to inject :/ any solutions?

Thanks!

13 replies
6 voices
255 views
Luke [flabbyrabbit]
10 years ago

0

Try thinking in bits

Mart
10 years ago

0

The website name can be as long as you like, but how to deal with it I couldn’t possibly comment

dalfor
10 years ago

0

I would take Mart and flabbyrabbit, then divide and conquer.

gudgip
10 years ago | edited 10 years ago

0

Hmm, nono :P The problem is, the string that shows the message title in the contact form gets capped at 10 or 15 characters :P So when my website name is 10 characters, there is no room to encapsulate it into my injection.

Mart
10 years ago

1

and we’re telling you your website name can be much longer than that… “:P”

dalfor
10 years ago

1

That is true. Now read and re-read our hints and find another way to solve this challenge…

gudgip
10 years ago

0

Ok, thanks. I will try to find another exploit :)

dalfor
10 years ago

1

You may have the exploit. Just find another way to do it. Keep my initial hint in mind.

gudgip
10 years ago

0

Thank you. I’ve been able to inject it. But.. is the challenge up and running? Because nothing happens, but it works offline :s

[deleted user]
10 years ago

0

This level is such a pain.

I was able to run the code for cookie and it also showed the cookie but it shows the cookie for HT!! and not for that website. Plus there is a character length limitation. I have searched a lot and still searching how to bypass that limitation of character length. Hopefully someday I would be really able to complete this. :)

gudgip
10 years ago

0

Ok I’ve found the solution.. when I myself am accessing the page I get all the information I need (I made it so all the information gets in my mailbox). But.. when does the admin check his contact page?

dloser
10 years ago

0

They will check it pretty quickly. But make sure that your solution will work for others too, not just yourself. If you are really really really sure it should work, find someone who has solved it and is willing to check your solution (in private).

gudgip
10 years ago

0

Thanks, I got it :-) looks like the admin didn’t check his messages for a few days ;-)

Discussion thread has been locked. You can no longer add new posts.