Websec.fr level 13 - easy
The level <?php <!-- Yet an other fine level, based on a real-world vuln discovered by @caillou --> <?php // Defines $flag include 'flag.php'; $db = new PDO('sqlite::memory:'); $db-...
The level <?php ini_set('display_errors', 'on'); ini_set('error_reporting', E_ALL); function sanitize($id, $table) { /* Rock-solid: https://secure.php.net/manual/en/function.is-numeric.ph...
The level <?php if (isset ($_REQUEST['f']) && isset ($_REQUE['hash'])) { $file = $_REQUEST['f']; $request = $_REQUEST['hash'] $hash = substr (md5 ($flag . $file . $flag), 0...
The level <?php $uploadDir = '/uploads'; $hashedFileName = sha1($_FILES['fileToUpload']['name']) . '.gif'; $uploadedFile = sprintf('%s/%s', $uploadDir, $hashedFileName); if (file_exists($uplo...
Let’s talk about Process Hiding so I was thinking about how to hide a process, a process that can maybe be used for malicious purpose 🤫 (maybe like keylogger or something). Let’s get to it. The ...
The level <?php // source.php include "flag.php"; function sleep_rand() { /* I wish php5 had random_int() */ $range = 100000; $bytes = (int) (log($range, 2) / 8) + 1; ...
The level // source.php <?php if (!isset($_GET['page'])) { header('Location: http://websec.fr/level25/index.php?page=main'); die(); } ?> <!DOCTYPE html> <!-- A smooth level b...
The level <?php if(isset($_POST['submit'])) { if ($_FILES['flag_file']['size'] > 4096) { die('Your file is too heavy.'); } $filename = './tmp/' . md5($_SERVER['REMOTE_ADDR']) . '...
The level The application is really the same in level 1 but there is only 1 difference $searchWords = implode (['union', 'order''select', 'from', 'group', 'by'], '|'); $injection = preg_replace ...
The level source1.php <?php include 'connect.php'; $sql = new SQL(); $sql->connect(); $sql->query = 'SELECT username FROM users WHERE id='; if (isset ($_COOKIE['leet_hax0r'])) { ...