Official Secure Server Discussion

Official discussion thread for Secure Server. Please do not post any spoilers or big hints.

Great challenge! Challenging to play in blue.

Indeed, but I’m stuck on vulnerability 1. Can I get some hints or something? Thx guys.

I am sure that I have both the PHP var and the JavaScript sanitized, but still have the 2 vulnerabilities present… very strange.

OK, found the first one.
…and the second one :slight_smile:

I am so noob, no idea what I am looking for? LFI, but I have to fix this, no idea about it.

Search how to secure PHP code with the function names that are used in this code.


OK, got it.

I’ve been stuck on the first vulnerability of Secure Server for a long time… can anyone give a hint to the area of the code that needs to be fixed? I quickly corrected vuln 2, so I am probably just overthinking it. I am assuming both vulns are in the our-projects.php file. The thing that is odd to me is that the exploit.py is taking advantage of an unsanitized User-Agent string, but the UA is not being processed in the web app; it’s being processed in the backend/Access.log… any help would be appreciated.