PHP assert()¶

root-me challenge: PHP - assert(): Find and exploit the vulnerability to read the file .passwd.

etcetera.

Remember to sanitise all user input! / Pensez à valider toutes les entrées utilisateurs !
Don't use assert! / N'utilisez pas assert 

Resources¶

• HackTricks: Code execution with Assert()

Techniques¶

• Directory traversal

• Broken access control

• Path traversal runbook

Counter moves¶

PHP assert() is what this page works through. Server-side validation and least privilege are what these reduce to. The defender’s view can be found in the blue notes on the application layer as a target.