Help with the basics?

Princess slag

Maxima
9 years ago

0

Hi
I have completed this level and sort of understand it, but I think it is the fundamentals that I haven’t grasped.
I am unclear on how it actually works.
This may sound stupid but here goes… What exactly is admin.php? A server file?

On the login page https://www.hackthis.co.uk/levels/extras/real/6/admin.php the source is minimal.

I enter a password, let’s say ‘Hello’.
It submits that password to the server:
https://www.hackthis.co.uk/levels/extras/real/6/admin.php?password=Hello

This is where I get a little lost; I have thought a PHP file named admin.php processes the input at the server, redirecting if correct. Is that right?

When we use the Null Byte, are we pulling out the content of the admin.php file into the webpage? Or have I got it all wrong?

Cyan Wind [freewind1012]
9 years ago | edited 9 years ago

0

[quote=Maxima]when we use the Null Byte, are we pulling out the content of the admin.php file into the webpage?[/quote]
Yes, we were trying to do that. However, in real life, it is very hard to do that because developers won’t forget some solutions. Moreover, Real Level 5 is exploitable because it is hard-coded (the input is intentionally compared with the password in a PHP file).
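
A minimal sketch of what a server-side script like admin.php could look like, added here as an illustration; it is not the level's actual source and not part of either post. The secret value, the `panel.php` redirect target and the `check_password` function name are assumptions.

```php
<?php
// admin.php (hypothetical sketch, not the level's real source).
// PHP runs on the server; the browser only receives what this script
// outputs, which is why "view source" on the login page shows so little.

// Assumption: a hard-coded secret, as the reply above describes.
const ADMIN_PASSWORD = 'constructed-example-secret';

function check_password(?string $input): bool
{
    // A NUL byte has no business in a password field; reject it outright
    // instead of passing it on to any other string or file function.
    if ($input === null || strpos($input, "\0") !== false) {
        return false;
    }
    // hash_equals() compares in constant time, so the response time does
    // not reveal how many leading characters of a guess were correct.
    return hash_equals(ADMIN_PASSWORD, $input);
}

// A request for admin.php?password=Hello arrives as $_GET['password'] === 'Hello'.
// The is_string() check rejects array input such as ?password[]=x.
$supplied = (isset($_GET['password']) && is_string($_GET['password']))
    ? $_GET['password']
    : null;

if (check_password($supplied)) {
    // Correct password: redirect, as the question guesses.
    header('Location: panel.php'); // hypothetical target page
    exit;
}

// Wrong or missing password: only this HTML ever reaches the browser.
// method="get" mirrors the URL quoted in the thread; a real login form
// would use POST so the password stays out of URLs, history and logs.
http_response_code(401);
echo '<form method="get" action="admin.php">'
   . '<input type="password" name="password">'
   . '<input type="submit" value="Login"></form>';
```

The comparison and the secret exist only on the server, so the page source never shows them unless some other flaw discloses the file's contents.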

Maxima
9 years ago

0

Righto - thanks :)
