Task 3

The system is located in the /LOCALHOST/ZADACHI/3/ folder on the CD-ROM. It is available at http://localhost/zadacri/3/index.php if the HTTP server is installed.

It displays the current date and time. The . /etc/ directory that contains system configuration files is inaccessible. The system works in one of three modes.

  • Goal 1. Clear up how the system settings are switched.

  • Goal 2. Find an error in how the mode parameters are interpreted. Then find another error that discloses the contents of some included files.

  • Goal 3. Examine the code of the included files and find an error that causes the global PHP source code injection vulnerability.

  • Goal 4. Exploit this vulnerability to obtain the contents of the /ETC/MAIN.CFG file.

After you obtain the contents of this file, the task will be considered solved .

Hacker Web Exploition Uncovered
Hacker Web Exploition Uncovered
ISBN: 1931769494
Year: 2005
Pages: 77

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net