The Guesbook Go to the The Guestbook challenge
The Guesbook
Nov 15, 2010 - 17:25:06 (13y 158d)
Nov 15, 2010 - 17:25:06 (13y 158d)
Hi all,
I know the trick how to exploit it, I also recieve some error. I just don't get the correct string to exploit... any hint maybe what to google for?
I know the trick how to exploit it, I also recieve some error. I just don't get the correct string to exploit... any hint maybe what to google for?
Global Rank: 253
Totalscore: 87267
Posts: 1636
Thanks: 1338
UpVotes: 886
Registered: 16y 64d
Last Seen: 11h 50m
The User is Offline
RE: The Guesbook
Nov 15, 2010 - 18:25:40 (13y 158d)
Nov 15, 2010 - 18:25:40 (13y 158d)
I think there is nothing "specific" you could google for this challenge.
As always, "Code you see is code in use". No simulations.
A good idea is maybe to create the database/tables yourself and do the injections on your localhost with mysql console.
Good luck!
As always, "Code you see is code in use". No simulations.
A good idea is maybe to create the database/tables yourself and do the injections on your localhost with mysql console.
Good luck!
The geeks shall inherit the properties and methods of object earth.
Global Rank: 4966
Totalscore: 3187
Posts: 7
Thanks: 10
UpVotes: 11
Registered: 12y 71d
Last Seen: 5y 151d
The User is Offline
RE: The Guesbook
Mar 02, 2012 - 14:22:16 (12y 50d)
Mar 02, 2012 - 14:22:16 (12y 50d)
It would be more helpful if you post the error messages here, instead the way of solving.
Regards
gizmore
Regards
gizmore
Last edited by gizmore - Mar 02, 2012 - 14:30:07
Global Rank: 4966
Totalscore: 3187
Posts: 7
Thanks: 10
UpVotes: 11
Registered: 12y 71d
Last Seen: 5y 151d
The User is Offline
RE: The Guesbook
Mar 03, 2012 - 07:22:00 (12y 50d)
Mar 03, 2012 - 07:22:00 (12y 50d)
I'm sorry about that. Actually figured what the garbled text was which I was getting as a reply. It was a gzipped version of the page. That is why I couldn't make head or tails of the characters. But now there is a new problem. My request gets timed out every time I send it to index.php . Even if I try without logging in and w/o adding the injection, it doesn't let me add entries to the guestbook. The code is what I posted yesterday. I can repost a short version of it here if you wouldn't mind (w/o the injection ofcourse).
Global Rank: 253
Totalscore: 87267
Posts: 1636
Thanks: 1338
UpVotes: 886
Registered: 16y 64d
Last Seen: 11h 50m
The User is Offline
RE: The Guesbook
Mar 03, 2012 - 17:37:00 (12y 49d)
Mar 03, 2012 - 17:37:00 (12y 49d)
Hmm, no idea what it could be.
You may post some code that does not spoil the vulnerability
You may post some code that does not spoil the vulnerability
The geeks shall inherit the properties and methods of object earth.
Global Rank: 4966
Totalscore: 3187
Posts: 7
Thanks: 10
UpVotes: 11
Registered: 12y 71d
Last Seen: 5y 151d
The User is Offline
RE: The Guesbook
Mar 05, 2012 - 15:22:39 (12y 47d)
Mar 05, 2012 - 15:22:39 (12y 47d)
Sure , here is the code that I am using to post the message onto the guestbook. It seems to timeout everytime I try posting it. I do get some reply but it always ends with a timeout. Sorry about the late reply BTW.
It gets time out everytime I try to post something. This is the error message :
I was wondering why a request as the above would take so much time, while it posts properly from the browser in a very short time.
GeSHi`ed Plaintext code
1 2 3 4 56 7 8 9 1011 12 13 14 1516 17 18 19 2021 22 23 24 2526 27 28 29 30 |
<?php
$callserv = fsockopen("10.201.13.50",80); //This is the proxy server at my university. Opening a socket to it.
$out1 = "POST http://www.wechall.net/challenge/guestbook/index.php HTTP/1.1\r\n".
"Host: www.wechall.net\r\n".
"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729)\r\n".
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n".
"Accept-Language: en-us,en;q=0.8,ko-kr;q=0.5,mr;q=0.3\r\n".
"Accept-Encoding: gzip,deflate\r\n".
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n".
"Proxy-Authorization: Basic (blah blah blah)==\r\n". //These are my credentials. So removing them.
"Proxy-Connection: keep-alive\r\n".
"Content-Type: application/x-www-form-urlencoded\r\n".
"Content-Length: 39\r\n".
"\r\n";
"message=Hello+World&sign=Sign+Guestbook";
//$out2 = "";
if(!$callserv){
echo "Sorry";
return;
}
else {
fwrite($callserv,$out1);
}
while (!feof($callserv)) {
echo fgets($callserv);
}
fclose($callserv);
?>
|
It gets time out everytime I try to post something. This is the error message :
GeSHi`ed Plaintext code
1
2
3
4
56
|
( ! ) Fatal error: Maximum execution time of 30 seconds exceeded in C:\wamp\www\socket1.php on line 26
Call Stack
# Time Memory Function Location
1 0.0186 369376 {main}( ) ..\socket1.php:0
|
I was wondering why a request as the above would take so much time, while it posts properly from the browser in a very short time.
Global Rank: 109
Totalscore: 161664
Posts: 13
Thanks: 16
UpVotes: 15
Registered: 15y 65d
Last Seen: 358d 19h
The User is Offline
RE: The Guesbook
Mar 05, 2012 - 18:09:56 (12y 47d)
Mar 05, 2012 - 18:09:56 (12y 47d)
Are you sure you don't have to enter some kind of password to be able to use the proxy?
Global Rank: 543
Totalscore: 46340
Posts: 220
Thanks: 205
UpVotes: 214
Registered: 13y 125d
The User is Offline
RE: The Guesbook
Mar 05, 2012 - 20:11:37 (12y 47d)
Mar 05, 2012 - 20:11:37 (12y 47d)
and why do you use a proxy? you could try the same without…
Contact only via c3BhY2VAd2VjaGFsbC5uZXQ= or PM...
Windows can be secure... but only if you don't use it
Windows can be secure... but only if you don't use it
Global Rank: 253
Totalscore: 87267
Posts: 1636
Thanks: 1338
UpVotes: 886
Registered: 16y 64d
Last Seen: 11h 50m
The User is Offline
RE: The Guesbook
Mar 06, 2012 - 04:32:06 (12y 47d)
Mar 06, 2012 - 04:32:06 (12y 47d)
It seems like basic authentication is sent in some http header.
Also some universities might require a proxy to connect to the outside (not sure here)
As i have no experience with proxies i cannot help here.
Challenge idea?
gizmore
Also some universities might require a proxy to connect to the outside (not sure here)
As i have no experience with proxies i cannot help here.
Challenge idea?
gizmore
The geeks shall inherit the properties and methods of object earth.
Global Rank: 4966
Totalscore: 3187
Posts: 7
Thanks: 10
UpVotes: 11
Registered: 12y 71d
Last Seen: 5y 151d
The User is Offline
RE: The Guesbook
Mar 06, 2012 - 06:44:06 (12y 47d)
Mar 06, 2012 - 06:44:06 (12y 47d)
@ monnino : yes it needs a username and password. I have blanked them out by the (blah blah blah).
@ space : its not a choice
the university needs us to authenticate everytime we need to use the internet
@gizmore : Thanks anyways, will try some other way to get around it
@ space : its not a choice
the university needs us to authenticate everytime we need to use the internet@gizmore : Thanks anyways, will try some other way to get around it
jacobs, Redknee, tunelko, silenttrack, n0tHappy, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, JanLitwin17, SwolloW, dangarbri have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 185253 times.
1 people are watching the thread at the moment.
This thread has been viewed 185253 times.