Realist
Realist P0wn3d
I´ve tryed the P0wn3d Challenge of the Realist Section now for a Couple of Days. I did a lot of research about the Simple CMS (Data Structur etc) and have tryed a lot of ways to solve the Problem.
I read the French Forum as well and know what type of "Attack" is used to solve the Challenge but i´m a little bit Stuck and tought that maybe someone can help me a bit.
As i said i think im Generaly on the right way but need a little help / hint.
Thanks
Realist P0wn3d
Hey guyz,I will hope then somebody give me some hint how use LFI in this task.I greatly understand that we need to include such files as ../cmsimple/adm.php or ../cmsimple/config.php,and we must use null byte.But I can’t understand how to use the LFI here? What delimiter are using to split the dirs? Maybe : ??
Plz give some hint
Realist P0wn3d
Yes, I download cmsimple 3.0 from official site and see cms structure and view source code,but I am not able to find where site use rule with replace "/" to ":" in include function.
Sorry bro,maybe I do something wrong?
Realist P0wn3d
It took me a while to figure this one out but i can tell their that you need focus on the LFI paticulary ?sl=, if you look for CMS vuln search in google you will find a popular one that should help you.
Realist P0wn3d
Hi all,
I need some help on this challenge. Can someone go in private message to give me some clue please ? :)
(I think i’ve taken the classic clue "check the source code", "find the CVE", etc... But it seems it’s not enough for me 😢 )
Thank you :)