Exploit Exercises Nebula Level 09 - SemilleroSeguridadInformatica/Sem-Security GitHub Wiki

Exploit Exercises Nebula - Level 09

About

There’s a C setuid wrapper for some vulnerable PHP code…

To do this level, log in as level09 account with the password level09. Files for this level can be found in /home/flag09.

Source code

<?php

function spam($email)
{
  $email = preg_replace("/\./", " dot ", $email);
  $email = preg_replace("/@/", " AT ", $email);

  return $email;
}

function markup($filename, $use_me)
{
  $contents = file_get_contents($filename);

  $contents = preg_replace("/(\[email (.*)\])/e", "spam(\"\\2\")", $contents);
  $contents = preg_replace("/\[/", "<", $contents);
  $contents = preg_replace("/\]/", ">", $contents);

  return $contents;
}

$output = markup($argv[1], $argv[2]);

print $output;

?>