SecurityOverride

Thread Display
[ Advanced Challenges ]
how did i pass level 3
[sisyang - 11/06/2014 22:02 ]
good .....
[ Advanced Challenges ]
how did i pass level 3
[t4r4t3ux - 25/05/2014 16:35 ]
yES. aMAzing clue. That is all :)
[ Advanced Challenges ]
how did i pass level 3
[Techno Master - 05/02/2014 12:02 ]

Teddy wrote:

No. I think you really were just lucky. We are talking about Adv 3 right?

The goal of that challenge is to upload a .jpeg file indeed. If you just have that file on the server there would be no harm. Because a jpeg cannot get executed. However if you have a LFI vulnerability you are maybe able to "execute" the "code" inside a jpeg.

So in the end you do not pass the filtering function but rather trick the system.

http://www.imperva.com/docs/HII_Remote_and_Local_File_Inclusion_Vulnerabilities.pdf => 5.2 Uploading user content with Embedded PHP code

This is a HUGE HUGE HUGE HUGE HUGE clue, if you cannot pass the challenge after this post, you should give up :P
[ Advanced Challenges ]
how did i pass level 3
[Teddy - 25/12/2013 05:32 ]
No. I think you really were just lucky. We are talking about Adv 3 right?

The goal of that challenge is to upload a .jpeg file indeed. If you just have that file on the server there would be no harm. Because a jpeg cannot get executed. However if you have a LFI vulnerability you are maybe able to "execute" the "code" inside a jpeg.

So in the end you do not pass the filtering function but rather trick the system.

http://www.imperva.com/docs/HII_Remote_and_Local_File_Inclusion_Vulnerabilities.pdf => 5.2 Uploading user content with Embedded PHP code
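Added example, not part of the thread or of the challenge's code: a defender's view of the point made above, showing that an extension and size filter accepts a JPEG carrying a PHP open tag, a content check that flags it, and an allowlisted include lookup that removes the LFI path. The page table, base directory, size limit and sample bytes are assumptions constructed for illustration.

```python
import posixpath

JPEG_SOI = b"\xff\xd8\xff"           # every JPEG file starts with these bytes
PHP_OPEN_TAGS = (b"<?php", b"<?=")   # heuristic only; a bare "<?" is too noisy in binary data

def naive_filter(name, data, max_size=65536):
    """Extension and size only: the kind of server-side filter guessed at in the thread."""
    return name.lower().endswith((".jpg", ".jpeg")) and len(data) <= max_size

def upload_findings(name, data, max_size=65536):
    """Return the reasons to reject an upload; an empty list means it passed."""
    findings = []
    if not naive_filter(name, data, max_size):
        findings.append("extension-or-size")
    if not data.startswith(JPEG_SOI):
        findings.append("not-jpeg-magic")
    lowered = data.lower()
    if any(tag in lowered for tag in PHP_OPEN_TAGS):
        findings.append("embedded-php-tag")
    return findings

# Hypothetical page table: the request parameter selects a key, never a path.
PAGES = {"home": "home.php", "about": "about.php"}

def resolve_include(page, base="/var/www/app/pages"):
    """Allowlisted include target, or None for anything not in the table."""
    target = PAGES.get(page)
    return posixpath.join(base, target) if target else None

# Constructed samples: a minimal JFIF-style header, and a JPEG whose comment
# segment holds an inert PHP tag (it contains only a PHP comment).
CLEAN = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + bytes(9) + b"\xff\xd9"
TAGGED = JPEG_SOI + b"\xfe\x00\x1d" + b"<?php /* inert marker */ ?>" + b"\xff\xd9"

if __name__ == "__main__":
    print("naive filter accepts tagged file:", naive_filter("avatar.jpg", TAGGED))
    print("content check findings:", upload_findings("avatar.jpg", TAGGED))
    print("include of upload path:", resolve_include("../../uploads/avatar.jpg"))
    print("include of known page:", resolve_include("home"))
```

The tag scan is a detection aid that can be evaded or can misfire on binary data; the include allowlist is what stops an uploaded file from ever being interpreted.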
[ Advanced Challenges ]
how did i pass level 3
[sisyang - 25/12/2013 03:37 ]
Luckily, I passed lv3 by uploading XXX.jpg (size XXX).

But another size of YYY.jpg is not uploaded.

This means a file size filter and an extension name filter on the server side, right?