Add shortest solution of lixi_2018

Question

Add shortest solution of lixi_2018

WangYihang opened this issue 7 years ago · 6 comments

22 Bytes

?%E2%81%A3=${${`cu\\rl 0:88\88`}};

not for arbitrary command execution, ssrf to get flag~

Answer 1 · 2018-06-01T12:53:03.000Z

Cool! Actually, prior to releasing the challenge, I already removed curl wget telnet stuff.
But it turns out that busybox can be used.

Answer 2 · 2018-06-01T12:53:38.000Z

oh, ${{}} is useless

`cu\\rl 0:88\88`;

Answer 3 · 2018-06-01T12:54:17.000Z

wow, I did not notice that... I just test it in my computer~ thank you for your excellent challenge, pretty cool~

Answer 4 · 2018-06-01T12:55:36.000Z

Glad you liked it! Enjoy other ones ~

Answer 5 · 2018-06-01T13:00:19.000Z

Oh, I think there was a mistake.. I didn't noticed that the function shell_exec will not print the output of the command... so I was my fault, I think die() or any other functions can print string are necessary;

Answer 6 · 2018-06-02T12:15:14.000Z

Yea, you can check the solutions out, there is one payload which using die(`ssh... got the same idea to yours.