Realist
Realist CMSimple
Simply desperate. I found CVE-2008-2650 but I cannot exploit it.
I tried a null byte and got: Language file ./cmsimple/languages/../../../../******%00 is missing
Finally, if I delete the null byte I get a blank page; obviously the full path is OK, but it is not the expected response.
Any suggestions about that?
Realist CMSimple
Hi everyone,
I’m new and not very experienced.
I can reproduce the challenge locally (I downloaded the same vulnerable CMS version).
The only difference is nginx versus the locally installed apache2.
Can I write to someone to explain the steps I took for the exploitation?
I can’t figure out why it works locally, but not here.
Thank you for your support.
Realist CMSimple
I am quite lost here too. It looks like the null byte is not working.
For example, this file exists (it is empty but it is a 200 OK, not a 404): http://challenge01.root-me.org/realiste/ch6/cmsimple/log.txt
However, this: http://challenge01.root-me.org/realiste/ch6/index.php?sl=../log.txt%00
returns: Language file ./cmsimple/languages/../log.txt.php missing
I can include PHP files though, but I cannot figure out how to extract information from them; for some reason I cannot "view", "upload" or "download".
Realist CMSimple
I’ve been going over this challenge for hours now. I’ve discovered how I can execute "admin-functions", but I only get 0-byte responses with 200 OK.
Even if I say view or edit a file or something, I don’t get anything in the response body.
Any help?