Forum Discussion
Letter to Santa Entry access?
can anyone hint on how to get into letter.php .. i tried every kind of lfi possible and not able to get access to the letter service.. when ever i try just gets printed as is.
Hey webbug2005 you must go with SSI in Apache
<!--#exec cmd="command you want to execute" -- >
5 Replies
- SamDickison
Community Manager
Hey webbug2005, I know some people who've completed this lab may have a suggestion for you.
Xat netcat FurnaceDeceiver domel44 byterider
Otherwise I can get someone from the team to help you! :-) Hey webbug2005 you must go with SSI in Apache
<!--#exec cmd="command you want to execute" -- >I did try this earlier.. tried it again today by changing the way i was calling it.. it worked.. now im stuck to use chmod.sh to get me access to final token ..i am not able to create --reference file in letters ..
i solved this.. was creating a reference file in /tmp worked like a charm if i did a simple file inside letters..
Hi webbug2005
Right, any text you enter gets echoed back as a summary. My first instinct was to check what happens with HTML tags. Right away some success there, but what can I do with that? Can something like an image or iframe tag read files from the file system? Next, I googled around for something that can include a file. Found some docs about some old feature. Even executing commands seems possible…
