PHP Type Juggling, LFI and Command Injection - Solution to April ’23 Challenge
🏆 The official writeup for the April ’23 Challenge, featuring PHP Type Juggling, LFI, Command Injection / Log Poisoning (incl some WAF filters) 😎
Follow strangemonkey:
Solve the challenge:
🧑💻 Sign up and start hacking right now -
🐱💻 Can’t get enough of these challenges? -
👾 Join our Discord -
🎙️ This show is hosted by ( @_CryptoCat ) &
👕 Do you want some Intigriti Swag? Check out
00:00 Intro
00:20 Explore web application
01:11 PHP type juggling
05:37 Investigate endpoint
06:05 Fuzzing GET parameters
11:04 Local file inclusion
12:54 Discover hidden admin page
14:23 Log poisoning / Command injection
20:51 Challenge summary
21:53 Conclusion
4 months ago 01:00:03 1
4 months ago 00:03:55 1
4 months ago 00:05:52 1
4 months ago 00:06:54 1
4 months ago 00:00:00 2
4 months ago 01:04:41 1
4 months ago 00:00:00 1
4 months ago 00:03:41 1
4 months ago 00:11:34 1
4 months ago 00:00:19 1
4 months ago 00:42:28 4
4 months ago 00:00:00 1
4 months ago 00:20:33 1
4 months ago 00:39:54 1
4 months ago 00:05:45 1
4 months ago 00:21:48 1
4 months ago 00:00:00 1
4 months ago 00:03:24 1
4 months ago 00:17:14 1
4 months ago 00:00:00 1
4 months ago 00:58:06 1
4 months ago 00:08:20 1
4 months ago 00:35:43 1
4 months ago 00:36:27 1
