PHP Type Juggling, LFI and Command Injection - Solution to April ’23 Challenge
🏆 The official writeup for the April ’23 Challenge, featuring PHP Type Juggling, LFI, Command Injection / Log Poisoning (incl some WAF filters) 😎
Follow strangemonkey:
Solve the challenge:
🧑💻 Sign up and start hacking right now -
🐱💻 Can’t get enough of these challenges? -
👾 Join our Discord -
🎙️ This show is hosted by ( @_CryptoCat ) &
👕 Do you want some Intigriti Swag? Check out
00:00 Intro
00:20 Explore web application
01:11 PHP type juggling
05:37 Investigate endpoint
06:05 Fuzzing GET parameters
11:04 Local file inclusion
12:54 Discover hidden admin page
14:23 Log poisoning / Command injection
20:51 Challenge summary
21:53 Conclusion
1 month ago 03:22:30 1
1 month ago 00:23:43 1
1 month ago 01:18:37 1
1 month ago 00:22:46 1
1 month ago 01:47:33 1
2 months ago 00:00:00 1
2 months ago 00:42:43 1
2 months ago 00:16:23 4
2 months ago 00:12:30 1
2 months ago 00:06:46 1
2 months ago 00:04:03 1
2 months ago 00:08:55 1
2 months ago 00:16:32 1
2 months ago 00:09:27 1
2 months ago 00:38:54 1
2 months ago 00:47:48 3
2 months ago 00:02:41 1
![MY OH MY •| ----- SONG KANG 💕. ()()() [FMV]](https://sun9-80.userapi.com/heh7uSLeQgWz3fI71bntWIkASLr2D0XN0K4pfQ/GStplJtkMAs.jpg)
2 months ago 00:00:00 1
2 months ago 00:25:13 1
2 months ago 00:28:51 4
2 months ago 00:25:58 1
2 months ago 09:47:17 1
2 months ago 00:07:28 1
2 months ago 00:07:32 1
