August 19, 2019
Logging into natas9, we see that when we input a word into the text field, it will output all the words that contain that word.
Along with that, we are again greeted with the source code that the lab provides us.
Viewing the source code, we can see that it is yet again PHP code that checks the word inputted in the text field and sees if it's in the dictionary.txt file.
Here I look around in the text file and look directly for the word needle because that's what the source code hints at.
Looking again at the source code, the passthru function looks interesting. It says that it's used to execute a command. Seeing that, we can inject a command in the text field.
And like that, we get the password for the next level.
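
The root cause is that the search word reaches `passthru` as part of a shell command line. The following is an added example, not the lab's source code: it contrasts that pattern with two fixes. The function names, the exact `grep` invocation, the 64-byte length limit, and the sample dictionary are assumptions made for illustration.

```php
<?php
// Added example. Names and command layout are assumptions based on the
// write-up's description: a search word passed to a command via passthru().

// Vulnerable pattern: the value is pasted into the command line unquoted,
// so the shell interprets any metacharacters it contains.
function build_unsafe_command(string $needle): string {
    return "grep -i $needle dictionary.txt";
}

// Hardened shell variant: escapeshellarg() quotes the value as one argument
// (single quotes on Unix), "--" ends option parsing so a leading "-" is not
// read as a grep flag, and -F matches the value as a fixed string.
function build_safe_command(string $needle): string {
    return 'grep -i -F -- ' . escapeshellarg($needle) . ' dictionary.txt';
}

// Preferred fix: no shell involved, the substring match is done in PHP.
function search_dictionary(string $needle, string $path): array {
    if ($needle === '' || strlen($needle) > 64) {   // assumed length limit
        return [];
    }
    $hits = [];
    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    foreach ($lines ?: [] as $word) {
        if (stripos($word, $needle) !== false) {
            $hits[] = $word;
        }
    }
    return $hits;
}

// Constructed sample dictionary so the example runs offline.
$dict = tempnam(sys_get_temp_dir(), 'dict');
file_put_contents($dict, "needle\nneedles\nhaystack\n");

// Constructed input containing a shell metacharacter.
$input = 'needle; echo MARKER';

// Print both command strings (neither is executed) to compare how the
// shell would parse them.
echo build_unsafe_command($input), "\n";
echo build_safe_command($input), "\n";

// The in-PHP search treats the whole input as plain text to look for.
print_r(search_dictionary('NEEDLE', $dict));
print_r(search_dictionary($input, $dict));
unlink($dict);
```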