Level 8
Challenge:
Sam remains confident that an obscured password file is still the best idea, but he screwed up with the calendar program. Sam has saved the unencrypted password file in /var/www/hackthissite.org/html/missions/basic/8/
However, Sam’s young daughter Stephanie has just learned to program in PHP. She’s talented for her age, but she knows nothing about security. She recently learned about saving files, and she wrote a script to demonstrate her ability.
Solution:
This time I had to inject the server, so writing “<! — #exec cmd=”ls ../ — ->”
and the result was
so I went to the au12ha39vc.php and the password appeared.
