Hi!

This challenge is about getting around filters, which might make it harder for you to exploit a script.

What url would you use as parameter if there would be a script "exploitit.php" in the "/user/www/challenges/" folder of our Linux webserver and you want to open "/user/www/index.php".

In case "exploitit.php" looks like this:

... $url = str_replace("../","",$_GET['url']); $hfile = fopen("/user/www/challenges/$url", "r"); if(!$hfile){ echo "Can't open file!"; exit; } while (!feof($hfile)){ $line = fgets ($hfile, 1024); echo $line; } ...

Or in case"exploitit.php" looks like this:

... if((strpos($_GET['url'],"../") === false) AND (strpos($_GET['url'],"://") === false))){ $hfile = fopen("$url", "r"); if(!$hfile){ echo "Can't open file!"; exit; } while (!feof($hfile)){ $line = fgets ($hfile, 1024); echo $line; } }else{ echo "Your url got blocked by the filter!"; } ...

Answer 1:
Answer 2: