@davidlightman Even basic RCE is enough to complete this. However, it is also possible to do what you are trying to do. Feel free to PM. However, I think there is enough information here to solve.
P.S. Works without globbing as well.
@Omnisec said:
@davidlightman Even basic RCE is enough to complete this. However, it is also possible to do what you are trying to do. Feel free to PM. However, I think there is enough information here to solve.
P.S. Works without globbing as well.
Thanks. I got the user flag. Working on the root flag right now.
Can someone help me out? I am not sure how to properly fuzz /s???. Send me a PM please.
Beware of certain HTTP clients in your attempts!
Some HTTP clients do not respect your wishes!
As already said, check with Burp if the parameter is being sent exactly as intended!
I spent several days finding this issue!
Thanks so much FloptimusCrime for the tips!
Can someone tell me if I’m on the right track? I have been trying to insert a t?m??t??p in my requests to /s??? in Burp Suite… I’m getting a t?m??t??p response. Is that it?
Anyone able to confirm if I am heading in the right direction? I believe I’ve found the param though having trouble getting a direct or indirect response. I’ve read the guides provided on this thread.
I’m stumped with this one. I understand how WAF bypasses work, but I am failing to find a param to fuzz. I’ve thrown some random POST params based on certain comments and successfully used a GET to see a timestamp. I am missing something obvious and it’s killing me.
I think I have the param, as I get a different response when sending a GET, but still can’t get the right syntax to go any further. I have read the articles on WAF, lots of access denied. Any tips, please?
@hexiburner said:
I think I have the param, as I get a different response when sending a GET, but still can’t get the right syntax to go any further. I have read the articles on WAF, lots of access denied. Any tips, please?
Consider what inputs you were giving to that param, and what could be worth injecting to see a valid response.
For those that haven’t got the param, be methodical. Consider what input is likely to generate a different response (error).
From experience, don’t focus on globbing too much (like I did initially), think about what techniques you’ve learnt from the articles to do WAF bypassing.
Cheers Gear01, I shall persist!
Can somebody check whether I found the parameter correctly? PM pls.
Hello everyone! I would highly appreciate it if someone could PM me with some hints. I want to tell you what I found so far without giving any spoilers on this forum. Thank you!
Finally got user.txt
I got a shell!
I got root.txt!
Hints on the parameter fuzzing are much appreciated.
I would love a hint too on the parameter… I ran every wordlist I could find.
Please help with the parameter, I don’t get it. Please PM.
Got the param, injecting and just getting back an empty response… it’s killing me.
@binthrust said:
Got the param, injecting and just getting back an empty response… it’s killing me.
Bypass the WAF using what you can learn on the creator’s blog.