IXPLOIT 웹해킹 스터디 9주차 (2) Wargame

1 Command injection

www.root-me.org/en/Challenges/Web-Server/PHP-Command-injection

Challenges/Web - Server : PHP - Command injection [Root Me : Hacking and Information Security learning platform]

 

Find a vulnerabilty in this service and exploit it. The flag is on the index.php file.

Meta 문자를 이용하여 리눅스 명령어를 사용해보자.

---

2 File Vulnerability (1)

www.root-me.org/en/Challenges/Web-Server/File-upload-Double-extensions

Challenges/Web - Server : File upload - Double extensions [Root Me : Hacking and Information Security learning platform]

Your goal is to hack this photo galery by uploading PHP code. Retrieve the validation password in the file .passwd at the root of the application.

---

3 File Vulnerability (2)

www.root-me.org/en/Challenges/Web-Server/File-upload-MIME-type

Challenges/Web - Server : File upload - MIME type [Root Me : Hacking and Information Security learning platform]