Reading through the vulnhub walkthrough for wakanda here
https://medium.com/egghunter/wakanda-1-vulnhub-walkthrough-3d524ed8a372
And it uses a php filter i haven't seen before (base64 encoder) which is then decoded . Using this line of code
curl http://192.168.56.102/?lang=php://filter/convert.base64-encode/resource=index | head -n 1 | base64 -d
In comparison I tried to simply curl the page via
curl http://192.168.56.102/?lang=php
Both output the html , but the filtered code also produces several lines above the DOCTYPE header that is enclosed inside of a php tag. My question is why does this happen?
the significant output (first few lines) is below
<?php
$password ="Niamey4Ever227!!!" ;//I have to remember it
if (isset($_GET['lang']))
{
include($_GET['lang'].".php");
}
?>
<!DOCTYPE html>
<html lang="en"><head>
Obviously this is wrong, but it seems like the filtered code is: encoding , then decoding and somehow in that process getting more information than if we just curled everything
I came across this article
https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/
which explained this very well.
This forces PHP to base64 encode the file before it is used in the require statement. From this point its a matter of then decoding the base64 string to obtain the source code for the PHP files.
So as to why the filtered code gets all the html and the php, is because its making the php be encoded before grabbing the html and wrapping it all into one output string, which can then be decoded and read . Meaning as output you get both the page html and the php code from other supporting files
Related
I have raw encoded base64 emails that I would like to decode. However on the raw email data, there is 3 sections to it.
The first section is HEADERS.
The second section is HTML content / tags.
The third section is the encoded base64.
I can manually add the string to my program and decode it just fine. However, I want to TARGET or PULL the encoded message into my program, so when I run it, its automatic.
But how do I target the encryption data when the header and html content / tags are in the way? I can read files through PHP, but would I do something like
if (strlength IS REALLY LONG == encoded data)
{decode that data}
Based on the following link, your solution would be something like this:
How to check whether the string is base64 encoded or not
$regex = '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)$';
if(preg_match($regex,$string) != false){
//some operation
$decoded = base64_decode($string);
}
I don't know exactly how to explain this but when I POST on my page or when I change a SESSION variable, sometime, not always, I will get half the html in plain text starting with a hexa code. I don't know what to do. Its always random, the hexa code is almost always different.
Exemple :
bc86
<div>something...</body></html>
If there was a problem of encoding which is mostly possible then you can try the following before producing some HTML/text to client:
header('Content-Type: text/html; charset=utf-8');
Hello im struggling with a problem. I have an url that contains xml data...
when i'm using file_get_contents($url) or fopen($url,'r') it gives me only values:
Consider the xml:
<tag1 attrName="something">
<tag2>some Value</tag2>
<tag2>some Other Value</tag2>
...
...
</tag1>
what i get: some Value, some Other Value
But i need to get whole xml (with tags and attributes and its' values) and parse it with my own way because there's a restriction that i'm not allowed to use php 5.x practices.I mean i cant use any parser.. It shouldnt be so hard to get xml data as is.. should it??
what i get: some Value, some Other Value
Nope - my suspicion is that that is what you see in your browser, because it is swallowing all <tags>.
The XML source code will be there after a file_get_contents() operation.
You are using file_get_contents() which states
This function is similar to file(), except that file_get_contents()
returns the file in a string, starting at the specified offset up to
maxlen bytes. On failure, file_get_contents() will return FALSE.
Press Ctrl+u to see the source code in any of the major browsers(except IE where its F12 in IE9). I am sure that your code will be there. Your browser wont display the tags that's all.
The other longer(but better way) to display an XML file from your php file is to pass the content type as text/xml. Use the following way
<?php
header("Content-Type: text/xml");//SHOULD come before any output
// dynamically generate and output your xml here
?>
Very simply, i want to make a variable reads the html code as string ,, i mean dont execute it (run it) .
the problem with the code is : i have a html file , and i want to get the content of it , and make some preg_replace for it (run a function on the html code), the problem is i cant use preg_replace, or any another function because the html code is executed by php (php reads the html code)..
i wish you understand me, i want something like highlight_string, but it save the html code in the variable.
Thank you.
you're probably trying to include or require the HTML code.
which is incorrect since it is evaluated as part of the source.
instead, use a function such as file_get_contents() to read the file into a string.
Use file_get_contents() as #David Chan suggested and then pass the result through htmlentities()... it converts the characters to HTML entities (i.e., < to <).
$getTheContent = file_get_contents($filepath);
echo htmlentities($getTheContent);
It should return the code, not executed.
I have a php script that writes xml data to a file and another one that sends the contents of this file to the client as the response.
But on the client side,im getting the following error:
XML Parsing Error: not well-formed
When i view source of the page, the XML i see is as follows:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<books><date>December 24th, 2009</date><total>2</total><book><name>Book 1</name><url>http://www.mydomain.com/posters/68370/img.jpg</url></book><book><name>Book 2</name><url>http://www.anotherdomain.com/posters/76198/img1.jpg</url></book></books>
In file1.php i have the following code that writes the XML to a file :
$file= fopen("book_results.xml", "w");
$xml_writer = new XMLWriter();
$xml_writer->openMemory();
$xml_writer->startDocument('1.0', 'UTF-8', 'yes');
$xml_writer->startElement('books');
$xml_writer->writeElement('date',get_current_date()); // Like December 23rd, 2009
$xml_writer->writeElement('total',$totalResults);
foreach($bookList as $key => $value) { /* $bookList contains key value pairs */
$xml_writer->startElement('book');
$xml_writer->writeElement('name',$key);
$xml_writer->writeElement('url',$value);
$xml_writer->endElement(); //book
}
$xml_writer->endElement(); //books
$xml_data = $xml_writer->outputMemory();
fwrite($file,$xml_data);
fclose($file);
And in index.php, i have the following code to send the contents of the file as a response
<?php
//Send the xml file contents as response
header('Content-type: text/xml');
readfile('book_results.xml');
?>
What could be causing the error ?
Please help.
Thank You.
The above looks good to me (including the fact that you're forming the XML via a dedicated component) and either:
what you're using to validate this is wrong
you're looking at something different to what you think you are
I would definitely try another tool/browser/whatever to validate this. Additionally, you may want to save the XML file as sent to the browser, and check it using XMLStarlet (a command-line XML toolkit).
I'm wondering also if it's an issue that we can't easily see - a character encoding problem or a Byte-Order-Mark issue (related to encodings). Does the character encoding of the web page you're sending match/differ from the encoding of the XML (UTF-8).
There are some free websites and tools for checking for validity in XML.
According to the XML Validator, when I pasted your XML above into the textarea, it said "no errors found".
However, Validome says "Can not find declaration of element 'books'."
Perhaps Jeff's suggestion of changing date and total to attributes might help. It would probably be easy to try that.
Have you tried using those 2 loose date and total tags as attributes instead?:
<books date="December 24th" total="2">
Also, xml can be quite sensitive. Make sure to use CDATA tags were appropriate
It validates fine in WMHelp XMLPad 3.0.1.0, and opens fine in FireFox 3.0.8 and IE7 without errors.
The only thing I can see, from a copy and paste of your XML, is that the XML declaration is followed by a CR/LF combination (0x0D0x0A). This is platform specific (Windows), and may be an issue on the client; you didn't mention what the client was, however, so I can't be sure if that's the problem.
Ensure that you are writing UTF-8 or 7-bit ASCII encoding to the file (test with a text editor or the 'file' command, if you have it), and that your checker supports it. Keep in mind that UTF-8 can include a signature (sometimes called the byte-order mark) in the first three bytes (EF BB BF) that sometimes confuses some tools if it is there, and rarely if it is not.
xml version='1.0' encoding='UTF-8' standalone='yes'
use single quote.