Web - Void Whispers
Last updated
Last updated
In the dead of night, an eerie silence envelops the town, broken only by the faintest of echoes—whispers in the void. A phantom mailer is sending out silent commands, unseen and unheard, manipulating systems from the shadows. The townsfolk remain oblivious to the invisible puppeteer pulling their strings. Legends hint that sending the right silent message back could reveal hidden secrets. Can you tap into the darkness, craft the perfect unseen command, and shut down the malevolent force before it plunges the world into chaos?
This is the function that our user input reaches,
After a fraction of second, we can find the vulnerability, backend has shell_exec
to execute which
command.
So it checks if our user input has any ' ' (space) included, if yes, it returns 'Sendmail path should not contain spaces!'
There's a trick to bypass spaces in linux (which works in bash only)
We can use ${IFS}
instead of a
space.
_______________________heapbytes' still pwning