Level 4

From MRL Wiki

blackbox.smashthestack.org - level 4

Spoilers Below

This level is a directory traversal with a twist. User input is appended to "/usr/share/level5", and the resulting file is displayed to stdout. However, user input undergoes sanity checking before being appended.

First, any leading "." or "/" characters in the input string are skipped, so the input must begin with the name of a valid file or directory. Luckily a dummy subdirectory has been provided under /usr/share/level5.

The input string is then passed through two filters. The first pass strips any instance of the character sequence "/../". The second strips the character sequence "/./".

Because of the order of the filters, it's possible to retain a "/../" character sequence by including "/./.././" in the input string.

level4@blackbox:~$ ~/shared lyrics/./../././../././../././.././home/level5/password
Contents of /usr/share/level5/lyrics/../../../../home/level5/password:
<password displays>
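
The filters fail because they look for particular spellings of "/../" in the string. A defender's check instead canonicalises the joined path and confirms it is still under the base directory. The following is an added example, not the level's code; `resolve_under`, `is_allowed` and the sample file names other than the page's own input are hypothetical.

```python
import os

BASE_DIR = "/usr/share/level5"  # base directory named on the page


class TraversalError(ValueError):
    """Raised when a requested path resolves outside the base directory."""


def resolve_under(base, user_input):
    """Return the canonical path for user_input if it stays inside base.

    Hypothetical helper. The path is canonicalised first (".", ".." and
    symlinks resolved) and only then compared with the base, so no
    particular spelling of "/../" has to be recognised or stripped.
    """
    base_real = os.path.realpath(base)
    # os.path.join discards base when user_input is absolute; the
    # containment check below rejects that case as well.
    candidate = os.path.realpath(os.path.join(base_real, user_input))
    # commonpath compares whole components, so a sibling directory such
    # as /usr/share/level5-backup is not accepted as a string prefix
    # comparison would accept it.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise TraversalError(f"{user_input!r} resolves outside {base!r}")
    return candidate


def is_allowed(user_input, base=BASE_DIR):
    """True if user_input resolves to a location inside base."""
    try:
        resolve_under(base, user_input)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    samples = [
        # input shown on the page
        "lyrics/./../././../././../././.././home/level5/password",
        "/etc/passwd",                     # constructed: absolute path
        "../level5-backup/notes.txt",      # constructed: sibling directory
        "lyrics/track01.txt",              # constructed: ordinary request
        "lyrics/./../lyrics/track01.txt",  # constructed: harmless dots
    ]
    for s in samples:
        print("allow " if is_allowed(s) else "reject", s)
```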

Retrieved from "http://midnightresearch.com/wiki/index.php/Level_4"

This page was last modified on 9 September 2008, at 18:56.
