Thursday, April 24, 2014
help patch some php


Posted on 15-10-08 21:20
OK, I have to patch this for a challenge somewhere else, and I believe I am doing it right, but it's saying no.

Code
   
   1.     <?php
   2.      if(isset($_POST['submit']))
   3.      {
   4.      $user = $_POST['user'];
   5.      $pass = $_POST['pass'];
   6.       
   7.      if($user == "admin" && $pass == "pass132")
   8.      {
   9.      echo "Logged in";
  10.      } else {
  11.      echo "I'm sorry {$user}, the password you entered is incorrect.";
  12.      }
  13.       
  14.      } else {
  15.      echo "<form action='' method='post'>".
  16.      "Username: <input type='text' name='user'><br>".
  17.      "Password: <input type='password' name='pass'><br>".
  18.      "<input type='submit' name='submit' value='Login'>".
  19.      "</form>";
  20.      }
  21.       
  22.      ?>




I believe it is

line = 11

patched line = echo striptags("I'm sorry {$user}, the password you entered is incorrect.");

exploit type = XSS

Any help? I know it's probably something simple that I'm overlooking.


Posted on 15-10-08 21:32
strip_tags is the name of the function.




Edited by on 15-10-08 21:32
Posted on 15-10-08 21:43
Nope, still isn't working.


Posted on 15-10-08 21:52
Try different names for the exploit.


Posted on 15-10-08 21:54
I've tried xss, XSS, cross site scripting, Cross Site Scripting.

Nothing. Maybe it's down.


Posted on 15-10-08 21:57
Also, you could try sanitizing the variable before it becomes a variable.


Posted on 16-10-08 01:26
No, it won't accept doing that either.


Posted on 16-10-08 02:49
You're probably not doing the full solution... or you're still doing the solution in the wrong place. Remember, it's a simulated challenge; you have to pick the *best* place to patch it, not just a good one.
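
The following is an added example, not part of the thread and not the challenge's accepted answer (which the thread never reveals). It builds the line-11 message three ways so the difference between removing tags with strip_tags() and encoding output with htmlspecialchars() can be seen on the same inputs. The function names and sample inputs are constructed for illustration.

```php
<?php
// Added example, not the challenge's code: the line-11 message built three ways.

// Original behaviour: the POSTed name goes into the page unchanged.
function message_unpatched(string $user): string
{
    return "I'm sorry {$user}, the password you entered is incorrect.";
}

// The patch tried in the thread: strip_tags() over the finished string.
function message_strip_tags(string $user): string
{
    return strip_tags("I'm sorry {$user}, the password you entered is incorrect.");
}

// Output encoding at the point of output: the name is kept as text, with
// HTML metacharacters (including both quote styles) turned into entities.
function message_encoded(string $user): string
{
    $safe = htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "I'm sorry {$safe}, the password you entered is incorrect.";
}

// Constructed sample inputs: a plain name, markup, a name with angle
// brackets that is not markup, and a value containing a double quote.
$samples = [
    'alice',
    '<script>alert(1)</script>',
    'bob <bob@example.com>',
    'carol "the admin" smith',
];

foreach ($samples as $user) {
    echo "input      : ", $user, PHP_EOL;
    echo "unpatched  : ", message_unpatched($user), PHP_EOL;
    echo "strip_tags : ", message_strip_tags($user), PHP_EOL;
    echo "encoded    : ", message_encoded($user), PHP_EOL, PHP_EOL;
}
```

Run from the PHP command line, this prints each variant so the outputs can be compared directly. strip_tags() deletes anything that looks like a tag and leaves quotes untouched, whereas htmlspecialchars() keeps every character of the input and encodes it for the HTML context.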