babyphp

The Hack.lu 2018 BabyPHP challenge has an unsanitized user input vulnerability that results in unintended behavior as well as code injection. First, we can provide a data: URL to file_get_contents so that it returns the required value. Then we pass an array in the parameter, which forces substr and sha1 to return null. We can also override the values of arbitrary variables using $$ in PHP. Finally, we can run arbitrary code by passing an arbitrary $bb value into assert in order to print $flag. This is an interesting web challenge for learning how to attack PHP applications.
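A hardened counterpart to the input handling described above, as an added example that is not the challenge's code or this repository's: it closes the stream-wrapper, array-parameter and `$$` weaknesses and keeps request data away from `assert`. The function names, the parameter names `key` and `msg`, and the file-name pattern are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; names and sample values are constructed for this example.

/** Read only plain files under a fixed directory, never a stream wrapper. */
function read_message(string $name, string $baseDir): string
{
    // A strict allowlist pattern rejects "data:", "php://", "http://"
    // and path traversal in a single check.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.txt\z/', $name)) {
        throw new InvalidArgumentException('invalid file name');
    }
    $data = file_get_contents($baseDir . '/' . $name);
    if ($data === false) {
        throw new RuntimeException('cannot read file');
    }
    return $data;
}

/** Require a string before hashing, then compare in constant time. */
function key_matches($input, string $expectedHash): bool
{
    // A query string such as ?key[]=x reaches PHP as an array, not a string.
    if (!is_string($input)) {
        return false;
    }
    return hash_equals($expectedHash, sha1($input));
}

/** Copy only allowlisted string parameters instead of assigning via $$name. */
function pick_params(array $query, array $allowed): array
{
    $out = [];
    foreach ($allowed as $name) {
        if (isset($query[$name]) && is_string($query[$name])) {
            $out[$name] = $query[$name];
        }
    }
    return $out;
}

// Constructed request: an array where a string is expected, plus an
// unexpected parameter that a $$ loop would have turned into a variable.
$query = ['key' => ['x'], 'msg' => 'hello', 'flag' => 'overwrite-me'];
var_dump(key_matches($query['key'], sha1('secret')));
var_dump(pick_params($query, ['msg']));
// The final decision is a plain comparison on these values; nothing from
// the request is ever passed to assert() or eval().
```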