Hack my code, please.

No explicit questions like "how do I hack xxx.com" please!

Post by Big-E »

Okay, so I was bored at work so I figured I would write [hackable] code. So kinda like a 'spot what doesn't belong' game, please 'find the exploit' in my code.

Entertain me please, for I am bored.

Code is here: http://code.suck-oold.com/23

highlight as entertainment

Post by DNR »

Re-edited, as everyone is replying in this format.

Just off hand, after a quick look (I hate contests):
Why do you have 'a href=' when echo will display the output?

DNR

Post by Gogeta70 »

Found it.

Spoiler: (highlight text from here) When you set the variable $file, it retrieves its value from the URL but never filters the input, so people can navigate to any directory or file on your machine.


Post by G-Brain »

Apart from the obvious directory traversal, there's no part where you can actually view files. All it does is list directories, and the links it generates don't even work. Also, why are lines 3 and 4 in that order? Finally, the code is very repetitive; you could have put that directory listing into a function, which would have saved you about 10 lines.

Post by Big-E »

G-Brain wrote: Apart from the obvious directory traversal, there's no part where you can actually view files. All it does is list directories, and the links it generates don't even work. Also, why are lines 3 and 4 in that order? Finally, the code is very repetitive; you could have put that directory listing into a function, which would have saved you about 10 lines.
For some, it's not so obvious. I wasn't creating anything 'advanced'. The links do in fact work; run the code on your server and see. Lines 3 and 4 are in that order because they can be: PHP is a loose language in which variables do not have to be declared before they are called, just like you don't have to define them. Finally, I was not programming for efficiency; copy and paste works just fine. Normally I would put all my functions in a single file and static variables in another, then go from there.

Post by G-Brain »

Big-E wrote:The links do infact work, run the code on your server and see.
I have, and they don't work on my Slackware-current Apache + PHP5 install. What kind of server are you running?

Edit: Never mind, you assumed the name "index.php" for the script. It would be good practice to use basename(__FILE__) instead of assuming. Nice challenge nonetheless.

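The thread never reproduces the script itself (it only lives at the linked URL), so the following is an added example written for this page, not Big-E's code: a minimal PHP directory lister of the kind Gogeta70 and G-Brain describe, with the unfiltered-$file traversal beside a hardened version, plus the basename(__FILE__) link fix from G-Brain's edit. The base directory, the `file` query parameter name and the temporary directory used for the offline run are assumptions.

```php
<?php
// Added example, not the script from the thread. BASE_DIR, the "file" query
// parameter and the temp tree used below are assumptions.
declare(strict_types=1);

const BASE_DIR = '/var/www/html/files'; // assumed web root for listings

// Vulnerable: $file comes straight from the URL and is handed to opendir(), so
// ?file=../../../../etc lists any directory the web server user can read.
function list_dir_vulnerable(string $file): array
{
    $entries = [];
    if ($h = @opendir($file)) {
        while (($e = readdir($h)) !== false) {
            $entries[] = $e;
        }
        closedir($h);
    }
    return $entries;
}

// Hardened: canonicalise the requested path and require that it stays under
// the base. realpath() resolves "..", symlinks and returns false for paths that
// do not exist, so the prefix check runs on the real location, not the string.
function resolve_under_base(string $requested, string $base = BASE_DIR): ?string
{
    if (strpos($requested, "\0") !== false) {   // reject null-byte truncation tricks
        return null;
    }
    $realBase = realpath($base);
    $target   = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($realBase === false || $target === false) {
        return null;
    }
    // Accept the base itself or something strictly inside it; the trailing
    // separator stops "/files-private" from passing as a prefix of "/files".
    if ($target !== $realBase && strpos($target, $realBase . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_dir($target) ? $target : null;
}

function list_dir_hardened(string $requested, string $base = BASE_DIR): ?array
{
    $dir = resolve_under_base($requested, $base);
    if ($dir === null) {
        return null;
    }
    $entries = scandir($dir);
    return $entries === false ? null : array_values(array_diff($entries, ['.', '..']));
}

// Link generation: use basename(__FILE__) rather than assuming "index.php", carry
// only the path relative to the base in the link, and HTML-escape every output.
function render_links(string $relative, array $entries): string
{
    $self = htmlspecialchars(basename(__FILE__), ENT_QUOTES, 'UTF-8');
    $html = '';
    foreach ($entries as $e) {
        $next  = ltrim($relative . '/' . $e, '/');
        $href  = $self . '?file=' . rawurlencode($next);
        $html .= '<a href="' . $href . '">' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . "</a><br>\n";
    }
    return $html;
}

if (PHP_SAPI !== 'cli') {
    // Web request: only the hardened path is reachable.
    $requested = isset($_GET['file']) && is_string($_GET['file']) ? $_GET['file'] : '';
    $entries   = list_dir_hardened($requested);
    if ($entries === null) {
        http_response_code(400);
        echo 'Invalid directory';
        exit;
    }
    echo render_links($requested, $entries);
} else {
    // Offline demonstration on a constructed temp tree (not real data).
    $tmp = sys_get_temp_dir() . '/lister_' . bin2hex(random_bytes(4));
    mkdir($tmp . '/public/docs', 0700, true);
    touch($tmp . '/public/docs/readme.txt');
    $base = $tmp . '/public';
    // The vulnerable lister follows ".." out of the base without complaint.
    var_dump(list_dir_vulnerable($base . '/../'));
    // The hardened resolver accepts "docs" and rejects both climb-out attempts.
    foreach (['docs', '../', 'docs/../../'] as $req) {
        echo $req, ' => ';
        var_dump(resolve_under_base($req, $base));
    }
}
```

The design choice worth noting is that the check runs on realpath() output rather than on the request string: stripping "../" from input misses encoded variants and symlinks, whereas comparing the resolved absolute path against the resolved base catches every way of leaving the directory.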
Post by Big-E »

G-Brain wrote:
Big-E wrote:The links do infact work, run the code on your server and see.
I have, and they don't work on my Slackware-current Apache + PHP5 install. What kind of server are you running?
Ubuntu Server, Apache2 + PHP5
