Saturday, November 1, 2014

Natas 9

This one lets us see the PHP code:

This looks like the first example of command injection so far. What happens if we pass a string that, when put in the middle of the "grep -i _____ dictionary.txt" string will cause a completely unintended command to get executed?

For example, what if we send it "hello dictionary.txt; cat /etc/natas_webpass/natas10; grep -i hello"?

The final command that will get executed should be: "grep -i hello dictionary.txt; cat /etc/natas_webpass/natas10; grep -i hello dictionary.txt"


No comments:

Post a Comment