Exploit Exercises Nebula Level 07 - SemilleroSeguridadInformatica/Sem-Security GitHub Wiki

Exploit Exercises Nebula - Level 07

About

The flag07 user was writing their very first perl program that allowed them to ping hosts to see if they were reachable from the web server.

To do this level, log in as level07 account with the password level07. Files for this level can be found in /home/flag07.

Source code

#!/usr/bin/perl

use CGI qw{param};

print "Content-type: text/html\n\n";

sub ping {
	$host = $_[0];

	print("<html><head><title>Ping results</title></head></body><pre>");

	@output = `ping -c 3 $host 2>&1`;
	foreach $line (@output) { print "$line"; } 

	print("</prev></body></html>");
}

# check if Host set. if not, display normal page, etc

ping(param(“Host”));
⚠️ **GitHub.com Fallback** ⚠️