| ||
The system is located in the /LOCALHOST/ZADACHI/3/ folder on the CD-ROM. It is available at http://localhost/zadacri/3/index.php if the HTTP server is installed.
It displays the current date and time. The . /etc/ directory that contains system configuration files is inaccessible. The system works in one of three modes.
Goal 1. Clear up how the system settings are switched.
Goal 2. Find an error in how the mode parameters are interpreted. Then find another error that discloses the contents of some included files.
Goal 3. Examine the code of the included files and find an error that causes the global PHP source code injection vulnerability.
Goal 4. Exploit this vulnerability to obtain the contents of the /ETC/MAIN.CFG file.
After you obtain the contents of this file, the task will be considered solved .
| ||