Exploit Exercises Nebula 5: Level 09 Write Up
Level: https://exploit-exercises.com/nebula/level09/

There’s a C setuid wrapper for some vulnerable PHP code… To do this level, log in as the level09 account with the password level09. Files for this level can be found in /home/flag09.

    $contents = preg_replace("/(\[email (.*)\])/e", "spam(\"\\2\")", $contents);

Using the e modifier is dangerous, and it has been removed as of PHP 7.0.0. With it, the second argument (the replacement string) is evaluated as PHP code after the backreferences are substituted. There is a $useme parameter which might come in handy. So what happens is you pass it…
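
The hardened form of the preg_replace line above, as an added example that is not part of the original write-up or the level's code: preg_replace_callback hands the captured text to a function as data instead of evaluating a replacement string. The spam() body, the markup() wrapper and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not the level's code. spam() is a hypothetical stand-in
// for the helper that the page's preg_replace line calls.
function spam(string $email): string
{
    return str_replace(['.', '@'], [' dot ', ' AT '], $email);
}

// Pattern from the page, for comparison. It only runs on PHP < 7.0 and
// evaluates the replacement string as PHP code:
//   preg_replace("/(\[email (.*)\])/e", "spam(\"\\2\")", $contents);

// markup() is a hypothetical wrapper name.
function markup(string $contents): string
{
    // The callback receives the match array as plain strings, so nothing
    // captured from $contents is ever parsed as PHP source.
    // [^\]]* replaces the page's greedy (.*) so one tag cannot swallow
    // the text between two tags on the same line (a deliberate tightening).
    $out = preg_replace_callback(
        '/\[email ([^\]]*)\]/',
        static function (array $m): string {
            return spam($m[1]);
        },
        $contents
    );
    if ($out === null) {
        // preg_replace_callback returns null on a PCRE error.
        throw new RuntimeException('regex failed, code ' . preg_last_error());
    }
    return $out;
}

// Constructed sample inputs.
$samples = [
    'Contact [email alice@example.com] for details',
    'Odd input [email $useme "quoted" text] stays data',
];
foreach ($samples as $s) {
    echo markup($s), PHP_EOL;
}
```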