Thread subject: Security Override :: recon 5 brick wall

Posted by GuessWho on 09/10/2013 11:42:04
#1

Hey guys,

Please point me in the right direction here.

I use the 3rd option from https://www.owasp.org/index.php/Full_Path_Disclosure and restart the page that displays the 404 error to obtain the path and I keep getting /images/images/favicon.ico but when I enter it I get told it's wrong and to try again. What am I doing wrong or where should I look for a better answer?

Been battling with this for 2 days now.

Thanks

Posted by madf0x on 09/10/2013 20:33:43
#2

The whole bit about an array is a lie from a long time ago that never got fixed for reasons I don't remember.

Try NOT using an array, use other methods.

Posted by w4rezi1 on 12/23/2013 16:10:52
#3

Hi people,

I'm trying to get out of recon 5 with JS injection but nothing happened. (I read Full Path Disclosure almost 30 times lol!)

But my page just refreshes itself with the injection, nothing else.
Am I on the right way?

However, I don't understand why we need to use an array? Isn't it on recon 4 maybe? (I use it.)

Thanks, and sorry for my English :p

Posted by vedburtruba on 12/24/2013 04:08:11
#4

I suppose this is some kind of mistake in the descriptions of recons 4 and 5.

4 is about arrays. 5 is about the PHP session.

Posted by w4rezi1 on 12/24/2013 04:17:04
#5

Hi,

Yes, that's what I saw.
But the PHP session doesn't work for me.

I'm using Firefox, maybe I need to open security or something else.
I'm trying with another laptop, maybe...

Posted by vedburtruba on 12/24/2013 04:20:13
#6

I have resolved this one in Chrome with the Edit this Cookie plugin. I believe that the browser doesn't matter. You are just doing it the wrong way.

Posted by w4rezi1 on 12/24/2013 04:23:47
#7

vedburtruba wrote:
I have resolved this one in Chrome with the Edit this Cookie plugin. I believe that the browser doesn't matter. You are just doing it the wrong way.

OK, I'm trying it with that.

Thanks bro.

[edit]: That's good, nice work, thanks.

Edited by w4rezi1 on 12/24/2013 04:30:00

Posted by madsoft on 01/29/2014 04:30:15
#8

vedburtruba wrote:
I suppose this is some kind of mistake in the descriptions of recons 4 and 5.

4 is about arrays. 5 is about the PHP session.

Looks like that indeed. At level 4 you need arrays, at level 5 you don't.
Took me quite some time to figure that out. After that, it was easy :)

Posted by bigger_a on 05/03/2014 07:33:30
#9

I tested it in Firefox with the Firebug plugin. It is the PHP session problem.
When I delete the PHP session and refresh the page I get the FP.