Username: 
Password: 
Restrict session to IP 

The Guesbook  Go to the The Guestbook challenge

1 2
Totalscore: 362537
Posts: 107
Thanks: 151
UpVotes: 94
Registered: 16y 216d
Jinx`s Avatar










The User is Offline
The Guesbook
Google/translate2Thank You!1Good Post!0Bad Post! link
Hi all,

I know the trick how to exploit it, I also recieve some error. I just don't get the correct string to exploit... any hint maybe what to google for?
Global Rank: 243
Totalscore: 89477
Posts: 1678
Thanks: 1357
UpVotes: 916
Registered: 16y 273d




Last Seen: 4h 17m
The User is Offline
RE: The Guesbook
Google/translate1Thank You!1Good Post!1Bad Post! link
I think there is nothing "specific" you could google for this challenge.
As always, "Code you see is code in use". No simulations.
A good idea is maybe to create the database/tables yourself and do the injections on your localhost with mysql console.

Good luck!
The geeks shall inherit the properties and methods of object earth.
Global Rank: 5057
Totalscore: 3182
Posts: 7
Thanks: 10
UpVotes: 11
Registered: 12y 280d
Last Seen: 5y 360d
The User is Offline
RE: The Guesbook
Google/translate1Thank You!1Good Post!0Bad Post! link
It would be more helpful if you post the error messages here, instead the way of solving.

Regards
gizmore
Last edited by gizmore - Mar 02, 2012 - 14:30:07
Global Rank: 5057
Totalscore: 3182
Posts: 7
Thanks: 10
UpVotes: 11
Registered: 12y 280d
Last Seen: 5y 360d
The User is Offline
RE: The Guesbook
Google/translate1Thank You!1Good Post!0Bad Post! link
I'm sorry about that. Actually figured what the garbled text was which I was getting as a reply. It was a gzipped version of the page. That is why I couldn't make head or tails of the characters. But now there is a new problem. My request gets timed out every time I send it to index.php . Even if I try without logging in and w/o adding the injection, it doesn't let me add entries to the guestbook. The code is what I posted yesterday. I can repost a short version of it here if you wouldn't mind (w/o the injection ofcourse).
Global Rank: 243
Totalscore: 89477
Posts: 1678
Thanks: 1357
UpVotes: 916
Registered: 16y 273d




Last Seen: 4h 17m
The User is Offline
RE: The Guesbook
Google/translate1Thank You!1Good Post!0Bad Post! link
Hmm, no idea what it could be.
You may post some code that does not spoil the vulnerability Smile
The geeks shall inherit the properties and methods of object earth.
Global Rank: 5057
Totalscore: 3182
Posts: 7
Thanks: 10
UpVotes: 11
Registered: 12y 280d
Last Seen: 5y 360d
The User is Offline
RE: The Guesbook
Google/translate2Thank You!2Good Post!0Bad Post! link
Sure , here is the code that I am using to post the message onto the guestbook. It seems to timeout everytime I try posting it. I do get some reply but it always ends with a timeout. Sorry about the late reply BTW.
GeSHi`ed Plaintext code
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
18
19
2021
22
23
24
2526
27
28
29
30
 
<?php
$callserv = fsockopen("10.201.13.50",80);    //This is the proxy server at my university. Opening a socket to it.
$out1 = "POST http://www.wechall.net/challenge/guestbook/index.php HTTP/1.1\r\n".
                "Host: www.wechall.net\r\n".
                "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729)\r\n".
                "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n".
                "Accept-Language: en-us,en;q=0.8,ko-kr;q=0.5,mr;q=0.3\r\n".
                "Accept-Encoding: gzip,deflate\r\n".
                "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n".
                "Proxy-Authorization: Basic (blah blah blah)==\r\n". //These are my credentials. So removing them.
                "Proxy-Connection: keep-alive\r\n".
                "Content-Type: application/x-www-form-urlencoded\r\n".
                "Content-Length: 39\r\n".
                "\r\n";
                "message=Hello+World&sign=Sign+Guestbook";
//$out2 =       "";
if(!$callserv){
                echo "Sorry";
                return;
        }
else {
                fwrite($callserv,$out1);
        }
while (!feof($callserv)) {
        echo fgets($callserv);
    }
fclose($callserv);
?>
 


It gets time out everytime I try to post something. This is the error message :
GeSHi`ed Plaintext code
1
2
3
4
56
 
( ! ) Fatal error: Maximum execution time of 30 seconds exceeded in C:\wamp\www\socket1.php on line 26
Call Stack
#       Time    Memory  Function        Location
1       0.0186  369376  {main}( )       ..\socket1.php:0
 


I was wondering why a request as the above would take so much time, while it posts properly from the browser in a very short time.
Global Rank: 111
Totalscore: 161663
Posts: 13
Thanks: 16
UpVotes: 15
Registered: 15y 274d



Last Seen: 1y 202d
The User is Offline
RE: The Guesbook
Google/translate2Thank You!2Good Post!0Bad Post! link
Are you sure you don't have to enter some kind of password to be able to use the proxy?
Global Rank: 551
Totalscore: 45801
Posts: 220
Thanks: 208
UpVotes: 218
Registered: 13y 334d
space`s Avatar
The User is Offline
RE: The Guesbook
Google/translate2Thank You!2Good Post!0Bad Post! link
and why do you use a proxy? you could try the same without…
Contact only via c3BhY2VAd2VjaGFsbC5uZXQ= or PM...
Windows can be secure... but only if you don't use it Happy
Global Rank: 243
Totalscore: 89477
Posts: 1678
Thanks: 1357
UpVotes: 916
Registered: 16y 273d




Last Seen: 4h 17m
The User is Offline
RE: The Guesbook
Google/translate1Thank You!1Good Post!0Bad Post! link
It seems like basic authentication is sent in some http header.
Also some universities might require a proxy to connect to the outside (not sure here)

As i have no experience with proxies i cannot help here.
Challenge idea?

gizmore
The geeks shall inherit the properties and methods of object earth.
Global Rank: 5057
Totalscore: 3182
Posts: 7
Thanks: 10
UpVotes: 11
Registered: 12y 280d
Last Seen: 5y 360d
The User is Offline
RE: The Guesbook
Google/translate1Thank You!1Good Post!0Bad Post! link
@ monnino : yes it needs a username and password. I have blanked them out by the (blah blah blah). Smile
@ space : its not a choice Sad the university needs us to authenticate everytime we need to use the internet

@gizmore : Thanks anyways, will try some other way to get around it Smile
1 2
jacobs, Redknee, tunelko, silenttrack, n0tHappy, nonfungiblesecurity, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, csuquvq have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 186395 times.