Web - Server

Tuesday 18 April 2017, 20:26  #1
antosa
  • 4 posts

Hello everyone,

I’m doing the challenges in the web-server part and I got stuck on challenge 41 (PHP Assert). I think I understand the vulnerability but I can’t manage the exact solution. Can anyone explain it to me, please?

Thank you

Tuesday 18 April 2017, 21:03  #2
Defte
  • 65 posts

I validated this challenge a few days ago. The only thing I can tell you is to read the official PHP assert documentation closely. It will give you everything you need :D

Wednesday 19 April 2017, 00:09  #3
antosa
  • 4 posts

I’ve read it a couple of times. But I still don’t understand how to exploit the vulnerability.

If I send a ".", I see the warning for the assert(). So I think I need to provide the server with a condition that is always TRUE and that shows me the password file content. Such as "..php’,’..’) && true=true". I guess. Is that right?

Wednesday 19 April 2017, 09:04  #4
Defte
  • 65 posts

So you understood that you have to complete the function. But what you’re doing is not what is needed.
I suggest that you read this: http://php.net/manual/fr/function.assert.php, there is one line that might interest you.

I’ll give you a clue: it is one of the first lines ;)

If you don’t find it, contact me on PM this afternoon :)

Wednesday 19 April 2017, 09:11  #5
Defte
  • 65 posts

I suggest that you read this: http://php.net/manual/en/function.assert.php

I’ll give you a clue: what is important there is one of the first lines.
You have to complete the assert function and at the same time ( ;) ) find the password.

(Don’t hesitate to delete my comment if that gives too much of a clue)

Wednesday 19 April 2017, 13:40  #6
antosa
  • 4 posts

OK, I got it. I made an error with URL encoding.

Thursday 20 April 2017, 09:18  #7
Defte
  • 65 posts

Did you validate it?

Friday 28 April 2017, 20:44  #8
antosa
  • 4 posts

Yes, I did it.

Monday 12 February 2018, 20:16  #9
Amimundo
  • 1 post

Sorry, I am new to this, so I would like help with challenge 2. I read the PDF but I don’t know how to redirect to another domain.