Official LoveTok Discussion

Can someone DM me for a hint?

Stuck here, any hints?

Could I have a small little nudge as well? I can send you what I’ve tried already

Could someone give me a nudge on this one!? I imagine what the attack vector is, but can’t bypass it

Ah ah I finally got it!!!
My little advice: really take the time to run your own docker container and check what’s happening using error_log().

Little hint… You’ll need a few USD to solve it :slight_smile:
Pretty nice challenge but took me a good day to solve it. Now time for the Weather App.

Hi there, I see the vector and have info(), PHP string is the solution, but I’m stuck on getting the flag. Any hint about that?

Oh hi, I have resolved that. I was so dumb. PHP string is the key :v:

Any hints?
I think that there is something about addslashes :disappointed:
EDIT:
Oh, I did it :wink:
Nice challenge, dude

I did it with a little nudge of @cdt. If anyone wants a nudge hit me up!

Will anyone please give me a hint about getting initial access to this box? Thanks

Finally got this one. Hint to others: To actually exploit I needed to look into some interesting behavior (not well documented) PHP has with executing functions when all you control is variable expansion.

Got it! Thanks for a cool challenge! I am curious how other people exploited it, as I think there are several ways to do it (using the same vuln).

If you need a hint, DM me with what you have tried and I will provide a nudge :smile:

A little nudge for those who are not familiar with PHP: there is something in common with other scripting languages (e.g. Bash), related to string parsing.

STUCK

I found the vulnerability, but I can’t exploit it. I think there is some filtering. Can anyone give a little hint?

The worst challenge ever and too boring cuz of php.

I’ve got the info, but really struggling to go any further. Can I message someone please?

I put a lot of logging code into the source code to see what is happening in the background. I suspect two vulnerable functions. However, when I try injection using multi-byte characters, my log messages become empty strings and the server does not break.
If anyone can give me a nudge, I would be very thankful.

As someone with minimal PHP experience, this was quite the frustrating “easy” challenge. I finally figured it out but it wasn’t a good looking solution by any means. I did learn a lot though!

Could anyone PM me a hint?