The Guesbook

Jinx:
Hi all,

I know the trick how to exploit it, I also receive some error. I just don't get the correct string to exploit... any hint maybe what to google for?
RE: The Guesbook
I think there is nothing "specific" you could google for this challenge.
As always, "Code you see is code in use". No simulations.
A good idea might be to create the database/tables yourself and do the injections on your localhost with the mysql console.

Good luck!
The geeks shall inherit the properties and methods of object earth.
RE: The Guesbook
It would be more helpful if you posted the error messages here, instead of the way of solving.

Regards
gizmore
Last edited by Gizmore - Mar 02, 2012 - 14:30:07
RE: The Guesbook
I'm sorry about that. Actually, I figured out what the garbled text was that I was getting as a reply. It was a gzipped version of the page. That is why I couldn't make heads or tails of the characters. But now there is a new problem. My request gets timed out every time I send it to index.php. Even if I try without logging in and without adding the injection, it doesn't let me add entries to the guestbook. The code is what I posted yesterday. I can repost a short version of it here if you wouldn't mind (without the injection, of course).
RE: The Guesbook
Hmm, no idea what it could be.
You may post some code that does not spoil the vulnerability :)
The geeks shall inherit the properties and methods of object earth.
RE: The Guesbook
Sure, here is the code that I am using to post the message onto the guestbook. It seems to time out every time I try posting it. I do get some reply, but it always ends with a timeout. Sorry about the late reply, BTW.
<?php
// Open a socket to the proxy server at my university; the request below is a
// proxy-style request (absolute URL in the request line plus Proxy-Authorization).
$callserv = fsockopen("10.201.13.50", 80, $errno, $errstr, 10);
if (!$callserv) {
    echo "Sorry: $errstr ($errno)";
    return;
}

// Body is built first so Content-Length is always derived from its real size (39 bytes here).
$body = "message=Hello+World&sign=Sign+Guestbook";

$out1 = "POST http://www.wechall.net/challenge/guestbook/index.php HTTP/1.1\r\n".
        "Host: www.wechall.net\r\n".
        "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729)\r\n".
        "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n".
        "Accept-Language: en-us,en;q=0.8,ko-kr;q=0.5,mr;q=0.3\r\n".
        "Accept-Encoding: gzip,deflate\r\n".   // asking for gzip is why the earlier reply looked garbled
        "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n".
        "Proxy-Authorization: Basic (blah blah blah)==\r\n". // These are my credentials, so removing them.
        "Proxy-Connection: close\r\n".          // was keep-alive: with keep-alive feof() never fires, so the read loop hangs
        "Content-Type: application/x-www-form-urlencoded\r\n".
        "Content-Length: ".strlen($body)."\r\n".
        "\r\n".   // the original ended this line with ';', so the body below was never
        $body;    // concatenated: the server waited for 39 bytes that never arrived

fwrite($callserv, $out1);

// Read the response until the proxy closes the connection.
while (!feof($callserv)) {
    echo fgets($callserv);
}
fclose($callserv);
?>


It times out every time I try to post something. This is the error message:
( ! ) Fatal error: Maximum execution time of 30 seconds exceeded in C:\wamp\www\socket1.php on line 26
Call Stack
#       Time    Memory  Function        Location
1       0.0186  369376  {main}( )       ..\socket1.php:0
 


I was wondering why a request like the above would take so much time, while it posts properly from the browser in a very short time.
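A hand-built request that declares a Content-Length but sends fewer body bytes makes the server wait for the rest, which the client sees as a timeout. The following Python checker is an added example, not the poster's code; it uses a constructed host and path, builds a POST whose Content-Length is derived from the encoded body, and reports declared versus actual body size for any raw request:

```python
import urllib.parse

# Constructed example host and path; not the poster's proxy or target.
HOST = "guestbook.example"
PATH = "/index.php"


def build_post(host, path, fields, extra_headers=()):
    """Build a raw HTTP/1.1 POST whose Content-Length is computed from the
    encoded body, so header and body cannot disagree."""
    body = urllib.parse.urlencode(fields).encode("ascii")
    headers = [
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",
        "Connection: close",  # lets a read-until-EOF loop terminate
        *extra_headers,
    ]
    return "\r\n".join(headers).encode("ascii") + b"\r\n\r\n" + body


def check_framing(raw):
    """Return (declared, actual) body byte counts for a raw request.
    If declared > actual the server keeps waiting for the missing bytes,
    which surfaces client-side as a hang or timeout."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("request has no header terminator")
    declared = 0
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            declared = int(value.strip())
    return declared, len(body)


# Constructed request mirroring the thread's bug: Content-Length promised,
# body never appended.
BUGGY = (b"POST /index.php HTTP/1.1\r\nHost: guestbook.example\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n"
         b"Content-Length: 39\r\n\r\n")

if __name__ == "__main__":
    good = build_post(HOST, PATH, {"message": "Hello World", "sign": "Sign Guestbook"})
    print(check_framing(good))   # (39, 39): header and body agree
    print(check_framing(BUGGY))  # (39, 0): server would wait for 39 more bytes
```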
Are you sure you don't have to enter some kind of password to be able to use the proxy?
space:
And why do you use a proxy? You could try the same without…
Contact only via c3BhY2VAd2VjaGFsbC5uZXQ= or PM...
Windows can be secure... but only if you don't use it :)
It seems like basic authentication is sent in some http header.
Also some universities might require a proxy to connect to the outside (not sure here)

As I have no experience with proxies I cannot help here.
Challenge idea?

gizmore
The geeks shall inherit the properties and methods of object earth.
@monnino: yes, it needs a username and password. I have blanked them out with the (blah blah blah). :)
@space: it's not a choice :( the university needs us to authenticate every time we need to use the internet

@gizmore: Thanks anyway, will try some other way to get around it :)