Official LoveTok Discussion

Could I have a small little nudge as well? I can send you what I've tried already

Could someone give me a nudge on this one!? I imagine what the attack vector is, but can't bypass it

Ah ah I finally got it!!!
My little advice: really take the time to run your own Docker container and check what's happening using error_log().

Little hint… You'll need a few USD to solve it :slight_smile:
Pretty nice challenge but took me a good day to solve it. Now time for the Weather App.

Hi there, I see the vector and have info(), PHP string is the solution, but I'm stuck at getting the flag. Any hint about that?

Oh hi, I have resolved that. I was so dumb. PHP string is the key :v:

Any hints?
I think that there is something about addslashes :disappointed:
EDIT:
Oh, I did it :wink:
Nice Challenge Dude

I did it with a little nudge of @cdt. If anyone wants a nudge hit me up!

Will anyone please give me a hint about getting initial access to this box? Thanks

Finally got this one. Hint to others: To actually exploit I needed to look into some interesting behavior (not well documented) PHP has with executing functions when all you control is variable expansion.

Got it! Thanks for a cool challenge! I am curious how other people exploited it, as I think there's several ways to do it (using the same vuln).

If you need a hint, DM me with what you have tried and I will provide a nudge :smile:

A little nudge for those who are not familiar with PHP: there is something in common with other scripting languages (e.g. Bash), related to string parsing.

STUCK

I found the vulnerability, but I can't exploit it. I think there is some filtering. Can anyone give a little hint?

The worst challenge ever and too boring cuz of php.

I've got the info, but really struggling to go any further. Can I message someone please?

I put a lot of logging code to the source code to see what is happening in the background. I suspect two vulnerable functions. However, when I try injection using multi-byte characters my log messages become empty strings and the server does not break.
If anyone can give me a nudge, I would be very thankful.

As someone with minimal PHP experience, this was quite the frustrating “easy” challenge. I finally figured it out but it wasn't a good looking solution by any means. I did learn a lot though!

Could anyone PM me a hint?

Spent a good 2 hours researching for techniques to bypass that one function…
As it turned out, DuckDuckGo may be excellent to have some privacy, but the search results can be quite bad. With Google, I did 2 searches and the answer was in the Top 3.

Also fell into a deep rabbit hole because I didn't fully understand how the first technique I researched works, and that it isn't applicable here. Some 2-3 hours lost in php -a…

The vuln is obvious, how to package/structure/format/encode the payload is literally 10 minutes of Google. Really hard to give hints without spoiling everything.

I'm able to see the file name for the flag but stuck at opening the file, can anybody PM me a hint?