Donate to us!
I'd prefer to die standing, than to live on my knees - Che Guevara
Wednesday, May 23, 2018
 Need Help?
Members Online
Total Online: 101
Guests Online: 99
Members Online: 2

Registered Members: 105261
Newest Member: apkeditorproapk
Latest Articles

Web Patching 1 to 3

Arrow Image A guide for the web patching challenges, may contain spoilers.

Here's my article on web patching one to three, for these challenges you will need some basic knowledge of php.

_Web Patching 1_
On this challenge you see that the code echo"s the variable: $_POST['username'].
For example, if you typed "floobman mc doodle" in the username box and hit submit it would say "Logged in as floobman mc doodle."
But, if you tried injecting some html tags into the box, as the script don't filter html tags it will output whatever html you put in.
You should know the name of this. If you don't know how to get rid of html tags from being inputted, try googling.

_Web Patching 2_
Right, you can see that this one has an sql query, so that should give you an idea of what kind of exploit this is.
To patch it, you have to know that you need to make it add a slash in front of the apostrophes and quote marks to stop the exploit.
Again, if you don't know the function for this, google.

_Web Patching 3_
Moving on to the third patching challenge, this script is meant to include whatever file you choose through the variable: $page = $_GET['page'].
The script also adds ".php" onto the end of the included file, so if you typed: something.php?page=something, it would include itself. But using our knowledge of poison null bytes, you could try this: something.php?page=/etc/passwd/%00 to try and view the password file.
The way you are suppsoed to patch this is the opposite of web patching two.

I hope this article has helped you, I realise it is quite a short article, but I couldn't think of any way to make it longer.


godon May 07 2006 - 17:32:24
nice!! right to the point and doesnt spoil it B)
Mr_Cheeseon May 07 2006 - 17:48:25
yeah excellent. gives just the right amount of information away Smile This will certainly help a few people who are stuck on it.
wolfmankurdon May 07 2006 - 18:45:32
nice, whats up with the _'s?
system_meltdownon May 07 2006 - 19:03:30
Dunno, lol, I just thought it looked good Grin
TAoSon May 07 2006 - 19:20:47
Good articles, concise without being bland or giving too much away. I just had the exploit types wrong haha.
the_flashon May 07 2006 - 19:59:37
great article, i understand more about them even though i completed it lol^^
mastergameron May 09 2006 - 16:56:21
Well done, great article
sharpskater80on July 24 2006 - 06:27:51
_good one_
netfishon August 04 2006 - 10:12:08
very helpful!
mr noobon November 04 2006 - 21:49:34
theres actually bout 10 functions to add the backslashes
austinatoron March 18 2008 - 10:55:29
thanks a lot this is well written and straight to the point without any spoilers. Grin
rollingon May 01 2008 - 14:49:14
floobman mc doodle 4tw! lol jk nice article helped me a lot
s3klymaon May 08 2008 - 00:49:18
I like the article.. but I have a thought. For the third one, couldn't the exploit be RFI? I thought that what needed to be done was to filter out '?'
SaMTHGon June 03 2008 - 19:38:00
Top Marks
zberton August 26 2008 - 03:34:39
Good article, no spoilers and really just gave an idea what to google... Google is my friend but it helps to know what to think of...
Post Comment


You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.