Level 9 - Level 10
Again, an input field with a link to the source code.
This time, the source code logic contains input validation using a regular expression.
Breaking down the RegExp pattern:
Once again, the input field is vulnerable to command injection, since the input is substituted directly into the command. This time, however, we have to bypass the input validation.
Grep will return the entire content if we give an empty string ( "" ) as a filter. We can leverage this feature to bypass the validation by using the payload: "" /etc/natas_webpass/natas11 #
If we give the above payload as the input, the resultant command on the server would be:
grep -i "" /etc/natas_webpass/natas11 # dictionary.txt
where:
/etc/natas_webpass/natas11 - location of the password file.
# - used to comment out the remaining command ( PHP Comments )
Direct link to solution: http://natas10.natas.labs.overthewire.org/?needle=+%22%22+%2Fetc%2Fnatas_webpass%2Fnatas11+%23&submit=Search
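Why a character denylist does not stop this, and what does, as an added example that is not part of the original write-up or the challenge's source code. It is a Python stand-in for the server-side logic described above; the filter pattern, the file names and the secret value are constructed assumptions, since the page does not reproduce the pattern.

```python
import os
import re
import subprocess
import tempfile

# Assumed stand-in denylist; the page does not show the real pattern.
DENYLIST = re.compile(r"[;|&]")


def search_vulnerable(needle, dictionary):
    """The flaw described above: denylist check, then a string-built shell command."""
    if DENYLIST.search(needle):
        return "Input contains an illegal character!"
    cmd = f"grep -i {needle} {dictionary}"  # the shell re-parses the needle
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def search_hardened(needle, dictionary):
    """No shell involved: the needle is exactly one argv element.
    -e marks it as the pattern and -- ends option parsing, so quotes,
    spaces, '#' and leading '-' are all treated as pattern text."""
    argv = ["grep", "-i", "-e", needle, "--", dictionary]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def demo():
    """Run both variants against constructed files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        dictionary = os.path.join(d, "dictionary.txt")
        secret = os.path.join(d, "secret.txt")  # plays the role of the password file
        with open(dictionary, "w") as f:
            f.write("apple\nbanana\n")
        with open(secret, "w") as f:
            f.write("CONSTRUCTED-SECRET\n")
        payload = f'"" {secret} #'  # same shape as the payload on this page
        return (
            search_vulnerable(payload, dictionary),  # prints the second file
            search_hardened(payload, dictionary),    # no match, empty output
            search_hardened("APP", dictionary),      # normal search still works
        )


if __name__ == "__main__":
    for label, out in zip(("vulnerable", "hardened", "normal"), demo()):
        print(f"{label}: {out!r}")
```

The denylist passes the payload because quotes, spaces and `#` carry shell meaning without being on the list; passing an argument vector removes the shell parse altogether instead of trying to enumerate every dangerous character.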