Hashable
Challenge Information
Category: Web Security
Level: medium
Points: 100
Description
A famous enterprise blog was hacked. Can you figure out how it was hacked?
Solution
After accessing the lab, we open it.

Now we look for an input field to inject into. I think the Contact page contains an input field.

We have 3 good ones. Now let's check whether the page filters input by typing the characters (@$<>|\'";:).

From the error we can see that the website runs our input through the eval function. If you don't know what the eval() function is: in some programming languages, eval, short for evaluate, is a function which evaluates a string as though it were an expression in the language and returns a result; in others, it executes multiple lines of code as though they had been included in place of the line containing the eval.

Okay, I will try the payload thank${system('ls')} to list all files and directories.

We got it. Now type thank${system('cat flag_23894ABCX1.txt')} to show the file content.
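As an added illustration (not the challenge's source, which the writeup never shows), this hypothetical PHP contact handler shows why thank${system('ls')} ran a command: PHP evaluates ${...} inside a double-quoted string, so splicing user input into source that is then passed to eval() lets the input execute code without even breaking out of the quotes. The hardened version drops eval() entirely; all function and variable names here are assumed.

```php
<?php
// Added illustration, not the challenge's real code. Names are assumed.

// VULNERABLE: user input is concatenated into PHP source and eval()'d.
// PHP treats ${expr} inside a double-quoted string as interpolation
// (deprecated since 8.2, still evaluated) and runs expr, so a message
// such as thank${system('ls')} executes `ls` on the server even though
// no quote character is needed to break out of the string.
function render_vulnerable(string $message): string
{
    $code = '$out = "Thanks for your message: ' . $message . '";';
    eval($code);            // evaluates attacker-influenced PHP source
    return $out;
}

// FIXED: no eval(). The message stays plain data and is HTML-escaped for
// output; ${...} and {$...} are never interpreted because the string is
// never parsed as PHP source.
function render_safe(string $message): string
{
    return 'Thanks for your message: '
        . htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Detection aid for logging/alerting on a contact form: flag inputs that
// carry PHP interpolation or quote-breaking metacharacters. A match is a
// signal to investigate, not proof of an attack.
function looks_like_eval_injection(string $message): bool
{
    return preg_match('/\$\{|\{\$|["`]|\bsystem\s*\(/i', $message) === 1;
}

// Demo: the writeup's own payload is inert in the hardened handler.
$payload = 'thank${system(\'ls\')}';     // constructed sample input
echo render_safe($payload), PHP_EOL;      // prints the text, nothing executes
echo looks_like_eval_injection($payload) ? "flagged\n" : "clean\n";
echo render_vulnerable('hello'), PHP_EOL; // benign input works as intended
```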

done 🎉
