Fatal error: Function name must be a string in ./tm.php on line 32
The idea was to encode the function call that needs to be injected by converting each character to its hex value and then XOR it against 0xFF, which then is big enough to be shifted away by the regex. The idea was that if the URL contains another XOR with a bunch of %FF, PHP translates it back to the original string when injected and executes it. The error indicates that it appears to do something, but I can't get it to actually exploit.
Yes! You are almost there. However, the %FF is unnecessary (though interesting, I'll have to look at that). Let me know if you want another hint.
Well, probably unnecessary, though that was the only way we could think of fooling the regex by bringing the token string outside the \w range. If you have another hint, that's welcome; I don't think I'll get further on this than I am. This is kinda outside my field of expertise :p
Proud member of the phpBB support team STG Support team member | STG Moderator team member