The Guesbook
Hi all,

I know the trick how to exploit it, I also receive some error. I just don't get the correct string to exploit... any hint maybe what to google for?
RE: The Guesbook
I think there is nothing "specific" you could google for this challenge.
As always, "Code you see is code in use". No simulations.
A good idea is maybe to create the database/tables yourself and do the injections on your localhost with mysql console.

Good luck!
The geeks shall inherit the properties and methods of object earth.
RE: The Guesbook
It would be more helpful if you post the error messages here, instead of the way of solving.

Regards
gizmore
Last edited by gizmore - Mar 02, 2012 - 14:30:07
RE: The Guesbook
I'm sorry about that. Actually figured what the garbled text was which I was getting as a reply. It was a gzipped version of the page. That is why I couldn't make head or tails of the characters. But now there is a new problem. My request gets timed out every time I send it to index.php. Even if I try without logging in and w/o adding the injection, it doesn't let me add entries to the guestbook. The code is what I posted yesterday. I can repost a short version of it here if you wouldn't mind (w/o the injection of course).
RE: The Guesbook
Hmm, no idea what it could be.
You may post some code that does not spoil the vulnerability Smile
The geeks shall inherit the properties and methods of object earth.
RE: The Guesbook
Sure, here is the code that I am using to post the message onto the guestbook. It seems to timeout every time I try posting it. I do get some reply but it always ends with a timeout. Sorry about the late reply BTW.
 
<?php
$callserv = fsockopen("10.201.13.50",80);    //This is the proxy server at my university. Opening a socket to it.
$out1 = "POST http://www.wechall.net/challenge/guestbook/index.php HTTP/1.1\r\n".
                "Host: www.wechall.net\r\n".
                "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729)\r\n".
                "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n".
                "Accept-Language: en-us,en;q=0.8,ko-kr;q=0.5,mr;q=0.3\r\n".
                "Accept-Encoding: gzip,deflate\r\n".
                "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n".
                "Proxy-Authorization: Basic (blah blah blah)==\r\n". //These are my credentials. So removing them.
                "Proxy-Connection: keep-alive\r\n".
                "Content-Type: application/x-www-form-urlencoded\r\n".
                "Content-Length: 39\r\n".
                "\r\n";
                "message=Hello+World&sign=Sign+Guestbook";
//$out2 =       "";
if(!$callserv){
                echo "Sorry";
                return;
        }
else {
                fwrite($callserv,$out1);
        }
while (!feof($callserv)) {
        echo fgets($callserv);
    }
fclose($callserv);
?>
 


It gets timed out every time I try to post something. This is the error message:
 
( ! ) Fatal error: Maximum execution time of 30 seconds exceeded in C:\wamp\www\socket1.php on line 26
Call Stack
#       Time    Memory  Function        Location
1       0.0186  369376  {main}( )       ..\socket1.php:0
 


I was wondering why a request as the above would take so much time, while it posts properly from the browser in a very short time.
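
An added example, not part of the original post or the WeChall code: the same POST built as one string, with the form body appended after the blank line, Content-Length computed from it, an uncompressed reply requested, and `Connection: close` plus a read timeout so the read loop ends. In the posted snippet the `;` after the final `"\r\n"` ends the `$out1` assignment, so the form body is never written although Content-Length announces 39 bytes. The function names and the 10-second timeout are assumptions; host, path and form fields are taken from the post.

```php
<?php
// Added example (not from the thread): the guestbook POST sent as one complete message.

function build_post_request(string $host, string $path, array $fields,
                            bool $viaProxy = false, array $extraHeaders = []): string
{
    $body = http_build_query($fields);        // spaces become "+", pairs joined by "&"
    // A forward proxy wants the absolute URI in the request line; an origin server wants the path.
    $target = $viaProxy ? "http://$host$path" : $path;
    $headers = array_merge([
        "POST $target HTTP/1.1",
        "Host: $host",
        "Content-Type: application/x-www-form-urlencoded",
        "Content-Length: " . strlen($body),   // computed from the body actually sent
        "Accept-Encoding: identity",          // ask for an uncompressed reply
        "Connection: close",                  // peer closes after the reply, so feof() becomes true
    ], $extraHeaders);                        // e.g. a Proxy-Authorization line
    // The blank line ends the headers and the body follows in the same string.
    return implode("\r\n", $headers) . "\r\n\r\n" . $body;
}

function send_request(string $connectHost, int $port, string $request, int $timeout = 10): string
{
    $sock = fsockopen($connectHost, $port, $errno, $errstr, $timeout);
    if ($sock === false) {
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }
    stream_set_timeout($sock, $timeout);      // bound each read
    fwrite($sock, $request);
    $reply = '';
    while (!feof($sock)) {
        $chunk = fread($sock, 8192);
        if ($chunk === false || stream_get_meta_data($sock)['timed_out']) {
            break;                            // give up instead of running into max_execution_time
        }
        $reply .= $chunk;
    }
    fclose($sock);
    return $reply;
}

// Host, path and form fields as they appear in the post above.
$fields  = ['message' => 'Hello World', 'sign' => 'Sign Guestbook'];
$request = build_post_request('www.wechall.net', '/challenge/guestbook/index.php', $fields);
echo $request, "\n";                          // inspect the bytes offline before sending
// echo send_request('www.wechall.net', 80, $request);  // direct; via a proxy pass its host and $viaProxy = true
```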
RE: The Guesbook
Are you sure you don't have to enter some kind of password to be able to use the proxy?
RE: The Guesbook
and why do you use a proxy? you could try the same without…
Contact only via c3BhY2VAd2VjaGFsbC5uZXQ= or PM...
Windows can be secure... but only if you don't use it Happy
RE: The Guesbook
It seems like basic authentication is sent in some HTTP header.
Also some universities might require a proxy to connect to the outside (not sure here)

As I have no experience with proxies I cannot help here.
Challenge idea?

gizmore
The geeks shall inherit the properties and methods of object earth.
RE: The Guesbook
@ monnino : yes it needs a username and password. I have blanked them out by the (blah blah blah). Smile
@ space : it's not a choice Sad the university needs us to authenticate every time we need to use the internet

@gizmore : Thanks anyways, will try some other way to get around it Smile