Task 2

The system is located in the /LOCALHOST/ZADACHI/2/ folder on the CD-ROM. It is available at http://localhost/zadachi/1/index.php if the HTTP server is installed.

The system is similar to the previous one, but it uses another algorithm to check passwords. As with the previous system, you cannot access files.

You have the link to one of the uploaded files:


  • Goal 1. Find a vulnerability that would allow you to read any files. Use this vulnerability to examine the image from book  INDEX.PHP file and clear up how the password check can be circumvented, or find a valid password. Then upload any file to the server.

  • Goal 2. Find a vulnerability in the processing of uploaded files and bypass the . /upload/ directory to upload your file into the system root ( http://localhost/zadachi/2/ ) rather than into this folder. Upload PHP shell code into this location.

Hacker Web Exploition Uncovered
Hacker Web Exploition Uncovered
ISBN: 1931769494
Year: 2005
Pages: 77

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net