Very late but their 24th level seems to be broken virgoman.
Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts
Simple & Fun Challenges To Solve
Started by
gagsec
, Oct 21 2007 03:38 PM
34 replies to this topic
#31
webdevil
-
- Sergeant Major
-
- 1,195 posts
Retired GSO General
#32
extreme
-
- Sergeant Major
-
- 615 posts
Specialist
Posted 22 November 2008 - 06:49 AM
Definetlly tried zilions things with Level26.. Can't budge :/
P.S. Admin has put the solution to Level24 since the site is down...
P.S. Admin has put the solution to Level24 since the site is down...
САМО СЛОГА СРБИНА СПАСАВА
#33
webdevil
-
- Sergeant Major
-
- 1,195 posts
Retired GSO General
#34
extreme
-
- Sergeant Major
-
- 615 posts
Specialist
Posted 23 November 2008 - 04:53 PM
Nope... I was pretty sure that we have to use the filemanager feature, and only feature is virtual editing of the files..
So, we can access this file:
http://hax.tor.hu/le...l26/users/admin
there is a function that checks if "cwd" value is allright..
so, if we try something like this:
http://hax.tor.hu/level26/filemanager/inde...46;/../
or this:
http://hax.tor.hu/le...hu/www/level26/
..it won't work..
I don't think it's steganography, or keeping data in EXIF area of the images...
So, we can access this file:
http://hax.tor.hu/le...l26/users/admin
there is a function that checks if "cwd" value is allright..
so, if we try something like this:
http://hax.tor.hu/level26/filemanager/inde...46;/../
or this:
http://hax.tor.hu/le...hu/www/level26/
..it won't work..
I don't think it's steganography, or keeping data in EXIF area of the images...
САМО СЛОГА СРБИНА СПАСАВА
#35
Genesis
-
- Members
-
- 36 posts
Private First Class
Posted 01 December 2008 - 04:26 PM
These challenges are hella fun!
I'm going to learn some XSS and try again.
I'm going to learn some XSS and try again.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
