News for July 2013

Server-side security war games: Part 16

This is the last level. We're challenged with an improved version of level 9 -- they've added additional "sanitation" to keep us out.

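    // Blacklist filter: rejects input containing ; | & ` ' or "
    if(preg_match('/[;|&`\'"]/',$key)) {
        print "Input contains an illegal character!";
    } else {
        // $key is still interpolated into a shell command line
        passthru("grep -i \"$key\" dictionary.txt");
    }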


Server-side security war games: Part 15

We're nearly at the end! This is the second-to-last level.

We know there is a users table, with columns "username" and "password". This time, the code just checks that the username exists. There's no way to print out the data we want. Instead, we'll have to do something cleverer.

Server-side security war games: Part 14

In level 14, we see a more traditional username & password form. Let's check the source code to see if there are holes we can slip through.

Server-side security war games: Part 13

This is level 13. Looks like they claim to only accept image files, in order to close the flaw we used previously. I bet we can get around that restriction just like we did when they disallowed certain characters in the search term. Let's examine the code.

Here's the new part of the code:

    // exif_imagetype() reads the file's first bytes to check its signature
    if (! exif_imagetype($_FILES['uploadedfile']['tmp_name'])) {
        echo "File is not an image";
    }


Server-side security war games: Part 12

In level 12, we're given a file upload form. Let's take a look at the code that processes input.