Follow us on Twitter!
Few are those who can see with their own eyes and hear with their own hearts. - Albert Einstein
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 30
Guests Online: 25
Members Online: 5

Registered Members: 82903
Newest Member: Piriformis
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

Poison NULL byte in Basic23

DeafCode
Member



Posts: 214
Location:
Joined: 04.05.08
Rank:
Apprentice
Warn Level: 30
Posted on 24-06-08 09:29
i was reading on the RFI post and the include syntax reminded me of the poison NULL byte thing. Anyways i have a question for anyone who is good with this exploit, why cant you use it in Basic 23 where it says show.php?page=

couldnt you plugin show.php%00 where %00 escapes and get the entire php source code???



:ninja:
http://2130706433
Author

RE: Poison NULL byte in Basic23

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 24-06-08 09:37
You may wanna check this thread:http://www.hellbo. . .tml#110897

Also now I'm just guessing, but again as the challenge is hardcoded and you don't actually include the remote file, you won't be able to null byte poison it for same reason...


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: Poison NULL byte in Basic23

DeafCode
Member



Posts: 214
Location:
Joined: 04.05.08
Rank:
Apprentice
Warn Level: 30
Posted on 24-06-08 09:42
but on a site with RFI it would work??



:ninja:
http://2130706433
Author

RE: Poison NULL byte in Basic23

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 24-06-08 09:46
yeah It should return the source of the page...

But don't forget filters etc. which may in many times prevent the poisoning


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by clone4 on 24-06-08 09:47
clone_4@hotmail.com
Author

RE: Poison NULL byte in Basic23

DeafCode
Member



Posts: 214
Location:
Joined: 04.05.08
Rank:
Apprentice
Warn Level: 30
Posted on 24-06-08 09:54
then why wont it work in real 11 when i try to use the page include from the why firm page to access /clients/login.php%00



:ninja:
http://2130706433
Author

RE: Poison NULL byte in Basic23

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 24-06-08 09:57
DeafCode wrote:
then why wont it work in real 11 when i try to use the page include from the why firm page to access /clients/login.php%00


you should have checked the url I gave you, here is the answer:
Mr_Cheese wrote:
a switch is deffinatly the way to go about it ( preventing the null byte poisoning ).

it's a long winded way of doing things, but by far the most secure.

example:
Code

switch($_GET['page']){

case 'home':
  include "home.php";
break;

case 'contact':
 include "contact.php";
break;

default:
 include "home.php";

}





[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: Poison NULL byte in Basic23

DeafCode
Member



Posts: 214
Location:
Joined: 04.05.08
Rank:
Apprentice
Warn Level: 30
Posted on 24-06-08 09:59
bp3.blogger.com/_wuwfOWq-1iE/Rw0lr_P9hOI/AAAAAAAABJU/ha3VHC-DkoA/s320/homer.jpg



:ninja:
http://2130706433