Official discussion thread for LoveTok. Please do not post any spoilers or big hints.
Can't figure out what to do after getting the countdown timer to 00:00:00. I thought it would be it, but it keeps on going to the negative.
This is exactly an easy challenge to ones who know php. If you don't, you have to learn it.
Hold This Bomb!
I'm in the same situation of @bcdehl
Can someone DM me? Any help is appreciated.
Could anyone PM me a hint?
My php is sooooooo rusty, can someone DM me a hint for this one please?
What a great challenge! I highly recommend this one (:
I think I found an attack vector. Can anyone confirm if using a GBK related exploit is the way to a solution or am I going down a rabbithole?
Anyone up for help? Have spent almost 5 hours now. Even a little hint would be appreciated. pls DM !
Can someone DM me for a hint?
Stuck here, any hints?
Could I have a small little nudge as well? I can send you what I've tried already
Could someone give me a nudge on this one!? I imagine what the attack vector is, but can't bypass it
Ah ah I finally got it!!!!!!
My little advice, really take the time to run your own docker container and check what's it happening using error_log().
Little hint... You'll need a few USD to solve it
Pretty nice challenge but took me a good day to solve it. Now time for the Weather App.
any Hints ?
I think that there is something about addslashes
OH 😂 , I did it
Nice Challenge Dude
I did it with a little nudge of @cdt. If anyone wants a nudge hit me up!
Will anyone please give me i hint about getting initial access to this box Thanks
Finally got this one. Hint to others: To actually exploit I needed to look into some interesting behavior (not well documented) PHP has with executing functions when all you control is variable expansion.
Got it! Thanks for a cool challenge ! I am curious how other people exploited it, as I think there's several ways to do it (using the same vuln).
If you need a hint, DM me with what you have tried and I will provide a nudge
A little nudge for those who are not familiar with PHP, there is something in common with other scripting languages (e.g Bash), related to string parsing.
i found the vulnerability , but i cant exploit it , i think there are some filtering. can anyone give a little hint.
The worst challenge ever and too boring cuz of php.
I've got the info, but really struggling to go any further. Can I message someone please?
I put a lot of logging code to the source code to see what is happening in the background. I suspect two vulnerable functions. However, when I try injection using multi-byte characters my log messages become empty strings and the server does not break.
If anyone can give me a nudge, I would be very thankful.
As someone with minimal PHP experience, this was quite the frustrating "easy" challenge. I finally figured it out but it wasn't a good looking solution by any means. I did learn a lot though!
Click here to create an account.