| |
|
logan
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 9
|
| |
|
|
|
 |
|
|
have no idea which file should I lookup in the textzone
I mean I do know but I keep getting that error
Super Something @ bla bla bla
any ideas ?
Edit by : logan At 28/09/2005, 14:08:43
|
Ohhh Yeahhhh |
|
| |
|
|
B~HFH
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 28
|
| |
|
|
|
|
|
|
as you know , when you are getting the super protect error - its mean that you need to find way for passing it.
for this one , superprotect are blocking from you to see the file
"location".
But there are many location for one file [=
|
|
|
| |
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
| |
|
|
|
|
|
|
HINT : Superprotect not so smart ;)
|
|
|
| |
|
|
Avidor93
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 65
|
| |
|
|
|
|
|
|
Cant pass it...
i tried all the locations can be...
from
../upload8.asp
and to
http:/www.trythis0me.com/location/sss.sss
and too
../../*****/up***.asp
what to do>?
edit : did it..
: Avidor93 01/10/2005, 22:21:36
Edit by : cp77fk4r At 06/10/2005, 15:17:50
|
|
|
| |
|
|
Avidor93
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 65
|
| |
|
|
|
|
|
|
OK igot the password for the upload page...
now what ?
when i am "upload" file its says the "directory " - and its only a simulation... the directory even dont exist
|
|
|
| |
|
|
pitbull
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 34
|
| |
|
|
|
|
|
|
I also found the password for the upload page,
what the target now?
what I need to find?
maybe I need to deface the main page?
I have no clue what to do...
|
|
|
| |
|
|
Alias
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 27
|
| |
|
|
|
|
|
|
Think if you could upload files to server and you target is to destroy the site that sits on this server (deface?).
What were you trying to do?
|
|
|
| |
|
|
K-Gen
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 26
|
| |
|
|
|
|
|
|
Yeah I'm stuck here too .. It was easy and all .. but i just cant hack the last step.. how to pass the TXT only protection ? a little hint ? i tried to use URL codes in the address bar of the last creation page c*e***35*.asp .. URL codes like %0D to try to delete the .txt if i write smthing like 1.asp.txt so it should be 1.asp%0d%0d%0d%0d.txt but I don't think im on the right track ... hint me please.
|
|
|
| |
|
|
K-Gen
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 26
|
| |
|
|
|
|
|
|
Eh .. nvm it was easy ... you don't need to try to hack the last creation page but the third .. and hacking it was easy ..
|
|
|
| |
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
| |
|
|
|
|
|
|
Just try to upload some ASP file.. If you can do it- you can do everything..
|
|
|
| |
|
|
Inj3ction
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 102
|
| |
|
|
|
|
|
|
K i got the password so now i'm registered. i tried to view the source code of the page that checks if the pass to the upload page is right, but it tells me that super protect shit again.
ok it's oviuse that i need to pass it by giving him a different url to the same page. i tried to do it with xss but theres no xss there in the page that views me the texts and it just tells me "you are on the right track"
|
|
|
| |
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
| |
|
|
|
|
|
|
try to think how the security there works, and try to think how can you exploit that!
|
|
|
| |
|
|
Inj3ction
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 102
|
| |
|
|
|
|
|
|
ok tnx i passed the level :P
|
|
|
| |
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
| |
|
|
|
|
|
