Forum Discussion

webbug2005

Bronze II

26 days ago

Solved

Letter to Santa Entry access?

can anyone hint on how to get into letter.php .. i tried every kind of lfi possible and not able to get access to the letter service.. when ever i try just gets printed as is.

challenges

immersive labs

domel44
26 days ago
Hey webbug2005 you must go with SSI in Apache
<!--#exec cmd="command you want to execute" -- >

byterider

Bronze I

26 days ago

Hi webbug2005
Right, any text you enter gets echoed back as a summary. My first instinct was to check what happens with HTML tags. Right away some success there, but what can I do with that? Can something like an image or iframe tag read files from the file system? Next, I googled around for something that can include a file. Found some docs about some old feature. Even executing commands seems possible…

Forum Discussion

Letter to Santa Entry access?

Featured Places

Help

Related Content

A Letter to Santa

Credential Access: Using Hydra

help with A Christmas Catastrophe: A Letter to Santa

Credential Access: Password Hashing Algorithms

S3: Access Policies (Q5)

Recent Discussions

Git Security: Git History

No files show up in the Microsoft Azure Basics: Function Apps lab

Introduction to Detection Engineering: Ep.5 – Custom Alerting

AI Plugin Injection

Jinja2 Pen test