Hi there, Im currently stumped working on a VM based CTF. I have discovered a web server running on port 80, and have enumerated several .php pages including a login.php page. However, the php pages are all blank and return nothing. I've tried the other possible attack vectors ( as far as my knowledge goes) to no avail, and I am thinking that these php files might be the key. AFAIK, accessing pages such as the login.php are usually crucial in finding a vulnerability and solving a CTF. I was wondering if anyone else had encountered a similar situation where they could not get access php pages, and if this behavior is intended or perhaps a configuration mishap (as this is on a locally hosted VM, although the rest of the VM and web pages served seem to work fine)
Thanks!!
[link] [comments]
from hacking: security in practice https://ift.tt/cPQYsG8
Comments
Post a Comment