Cody’s First Blog
Flag 0
- Too much information was given on the first step. If you read it right, you already have two red flags: first, it’s PHP, and second, include(). There is nothing wrong with PHP per se, but when you are new to it, you make a lot of security mistakes.
- XSS won’t pass in here; I tried, but it won’t work here.
- But if you didn’t close a few commands in the backend, try to pass some PHP code in HTML format and see what you get.
- For example, in the comments type <?php phpinfo()?>
- Flag 0 found. Geez, that was too easy.
Flag 1
- All CMS / blog systems have an admin interface; it’s the way to control a blog content management system.
- I used Burp Suite for this to investigate what goes where and what gets executed, and I found ?page=admin.auth.inc
- Found user/password
- Let’s do something extremely silly, as this is “Cody’s first blog” after all. Let’s see if he made a mistake: remove auth and use ?page=admin.inc
- Flag 1 found
Flag 2
- Using Burp Suite to see more of what gets passed through.
- The idea for this one is to use PHP blind injection to read the index.php source.
- Pop in this command. This took me a bit to find, as it’s been a while since I’ve used PHP.
- <?php echo readfile("index.php")?> in the comments, like in Flag 0
- Check the source (or use Burp to see the source).
- Flag 2 found in the index.php source.
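
From the defender's side, all three flags come down to the page parameter feeding include() and to comments being treated as code. The sketch below is an added example, not the challenge's source: it assumes the router appends ".inc" to ?page= and that comments end up in included output. PAGES, resolve_page, render_comment and home.inc are hypothetical names.

```php
<?php
// Added example: hypothetical router, not the challenge's source code.
declare(strict_types=1);

// Vulnerable pattern (assumed): the query string picks the file to include,
// so any reachable *.inc file, including admin.inc, loads with no login check.
//   include($_GET['page'] . '.inc');

// Hardened form: map page names to files and record which ones need a session.
const PAGES = [
    'home'       => ['file' => 'home.inc',       'auth' => false],
    'admin.auth' => ['file' => 'admin.auth.inc', 'auth' => false],
    'admin'      => ['file' => 'admin.inc',      'auth' => true],
];

function resolve_page(string $requested, bool $loggedIn): string
{
    // Unknown names never reach include(); no path is built from user input.
    if (!array_key_exists($requested, PAGES)) {
        return 'home.inc';
    }
    $page = PAGES[$requested];
    // The access check lives in the router, not only in the login page,
    // so dropping ".auth" from the URL leads back to the login form.
    if ($page['auth'] && !$loggedIn) {
        return PAGES['admin.auth']['file'];
    }
    return $page['file'];
}

function render_comment(string $comment): string
{
    // Comments are data: stored as text and escaped on output, never written
    // into a file that include() will later parse as PHP.
    return '<p>' . htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed sample requests.
foreach ([['admin', false], ['admin', true], ['../index.php', false]] as [$p, $in]) {
    printf("%-14s loggedIn=%-5s -> %s\n", $p, var_export($in, true), resolve_page($p, $in));
}
echo render_comment('<?php phpinfo()?>'), "\n";
```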