CInsects/Protokolle/CInsects:Treffen-2010-11-09: Difference between revisions
Revision as of 26 December 2010, 21:28
This page is a subpage of CInsects.
Today we mainly worked on remote code execution.
Agenda
FIXME
Hackit 2
FIXME
Source code
<pre>
<h1>Welcome to our cool clan page!</h1>
<div style="float:left;">
<ul>
<li><a href="?page=news">News</a></li>
<li><a href="?page=memberz">Memberz</a></li>
</ul>
</div>
<div id="content" style="margin-left:10em;">
<?php
if(isset($_GET['page'])) {
    include($_GET['page'] . '.php');
} else {
    include('news.php');
}
?>
</div>
</pre>
Hackit 3
FIXME
Source code
<pre>
<h1>Welcome to our cool clan page!</h1>
<div style="float:left;">
<ul>
<li><a href="?page=news">News</a></li>
<li><a href="?page=memberz">Memberz</a></li>
</ul>
</div>
<div id="content" style="margin-left:10em;">
<?php
if(strpos($_GET['page'], 'http://') !== false ||
   strpos($_GET['page'], 'ftp://') !== false ||
   strpos($_GET['page'], '../') !== false ||
   strpos($_GET['page'], '/etc/passwd') !== false) {
    die('Do not be EVIL!');
}
if(isset($_GET['page'])) {
    include($_GET['page'] . '.php');
} else {
    include('news.php');
}
?>
</div>
</pre>
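Added example, not part of the original protocol or of the Hackit challenges: the same page dispatcher in hardened form. In both challenges the request value becomes part of the path passed to include(), and the substring denylist in Hackit 3 does not change that; here the value only selects an entry from a fixed allowlist. The names PAGES and resolve_page are assumptions for illustration, and the two file names are taken from the menu links above.

```php
<?php
// Added example: allowlist-based replacement for the Hackit 2/3 dispatcher.
// Assumption: the menu's two pages are the only valid targets.
const PAGES = [
    'news'    => 'news.php',
    'memberz' => 'memberz.php',
];

/**
 * Map the untrusted ?page= value to a fixed file name.
 * Returns null for anything that is not an exact allowlist key,
 * so no part of the request ever reaches include().
 */
function resolve_page($requested): ?string
{
    // ?page[]=x arrives as an array; reject every non-string outright.
    if (!is_string($requested)) {
        return null;
    }
    return PAGES[$requested] ?? null;
}

// Default to the news page when the parameter is absent.
$file = resolve_page($_GET['page'] ?? 'news');

// Set the status before any output is sent.
if ($file === null) {
    http_response_code(404);
}
?>
<h1>Welcome to our cool clan page!</h1>
<div style="float:left;">
<ul>
<li><a href="?page=news">News</a></li>
<li><a href="?page=memberz">Memberz</a></li>
</ul>
</div>
<div id="content" style="margin-left:10em;">
<?php
if ($file === null) {
    echo 'Page not found.';
} else {
    // The path is built only from constants defined in this file.
    include __DIR__ . '/' . $file;
}
?>
</div>
```

Keeping `allow_url_include` disabled in php.ini (its default) adds a second layer by preventing include() from loading URLs at all.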
Miscellaneous
FIXME