This morning I woke up to some unfriendly ice rain, and last night’s snow-covered sidewalk has turned into an ice-skating rink. Baby steps were necessary to avoid ending up in a horizontal position involuntarily. I made it to the train station safely, and got on the NYC-bound train. On the bright side, Egor Homakov (@homakov) posted a challenge on Twitter for finding the local file inclusion security hole in a piece of path validation code.
Looks like my 40-minute train ride has turned into a hacking session and I eagerly played around with the provided code to access the contents of my local `etc/passwd` file. Eureka! Finally, I figured out that by breaking up `..` (parent directory) with the wildcard symbol `*`, I could trick the validation code into allowing my path string. Also, in bash the folder `.*.` behaves the same as `..`, so by prepending `etc/passwd` with the right number of `.*./` strings, I could finally access the coveted password file.
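The defensive lesson, as an added Python example that is not the challenge's code: `naive_is_safe` is a hypothetical stand-in for a check that only looks for a literal `..`, `glob_matches_parent` models the wildcard match with `fnmatch`, and `hardened_resolve` is one way to validate instead, by rejecting shell metacharacters and comparing canonical paths. All function names and sample paths are assumptions.

```python
import fnmatch
import os

# Characters a shell may expand or interpret; constructed deny-list for this example.
SHELL_META = set("*?[]{}~$`\\;&|<>\"' \n")


def naive_is_safe(path):
    """Hypothetical weak check: reject only a literal '..' in the string."""
    return ".." not in path


def glob_matches_parent(segment):
    """True if the segment, read as a glob pattern, matches the '..' entry."""
    return fnmatch.fnmatchcase("..", segment)


def hardened_resolve(base, path):
    """Return the canonical path if it stays inside base, else None.

    The result should be opened directly or passed as a single argv
    element (no shell), so nothing is expanded after validation.
    """
    if "\0" in path or any(c in SHELL_META for c in path):
        return None
    base_real = os.path.realpath(base)
    # realpath collapses '..' segments and symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base_real, path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


def audit(base, paths):
    """Compare both checks for each path: (path, naive_ok, hardened_ok)."""
    return [(p, naive_is_safe(p), hardened_resolve(base, p) is not None)
            for p in paths]


if __name__ == "__main__":
    # Constructed sample inputs; the wildcard form is the one described above.
    samples = ["notes.txt", "../../etc/passwd", ".*./.*./etc/passwd"]
    for row in audit("/srv/files", samples):
        print(row)
```

The wildcard form passes the literal check because the string never contains `..`, while the hardened check rejects it before any shell sees it.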