Posts Tagged ‘hts’
HackThisSite Basic Missions 8
August 11th, 2009 | 
Author: 
HackThisSite Basic Missions 8.
The password is yet again hidden in an unknown file. Sam’s daughter has begun learning PHP, and has a small script to demonstrate her knowledge.
Requirements: Knowledge of SSI (dynamic html executed by the server, rather than the browser)
Sam remains confident that an obscured password file is still the best idea, but he screwed up with the calendar program. Sam has saved the unencrypted password file in /var/www/hackthissite.org/html/missions/basic/8/
However, Sam’s young daughter Stephanie has just learned to program in php. She’s talented for her age, but she knows nothing about security. She recently learned about saving files, and she wrote an script to demonstrate her ability.
The SSI really inspired me.
SSI: Server Side Includes are directives, placed in HTML pages and evaluated on the server while the pages are being served. It lets you add dynamically generated content to an existing html page.
As you see our code in the video. It executes the Unix date command using the shell and it displays the result of the ls command.
As we have seen before, the Unix LS command lists the files in the current directory.
The SSI Exec command inserts the output from a CGI script or a shell command in the document.
For any help, contact me.
Duration : 0:5:7
Posted in 
Tags: 