Pear

EasyWeb Security

Overview

I think I'm a very good developer and can find workarounds to get my things done. As you can see, it was so easy for me to secure my application from all those file inclusion attacks. I've blocked all the common wrappers and protocols, so good luck trying to hack this! I even disabled file uploads and error displays. My application is definitely unhackable now! flag format: flag{}

Lab Details

Prerequisites & Requirements

Basic understanding of PHP and web vulnerabilities
Knowledge of Local File Inclusion (LFI) vulnerabilities
Familiarity with Docker environments
Understanding of command-line tools

What will you learn?

How to identify and exploit Local File Inclusion vulnerabilities
How to bypass input filtering mechanisms
How to escalate LFI to Remote Code Execution (RCE)
How to leverage PEAR (PHP Extension and Application Repository) for exploitation
Understanding security implications of PHP configurations
Why certain exploitation techniques fail against specific protections

Tools

Web browser
Python for exploit scripting
Basic HTTP requests knowledge
Docker (for running the challenge locally)

Job Positions

Bug Bounty Hunter

Pear

Overview

Lab Details

Job Positions

Tags