Return to forum
OpenSource - HTB [Discussion]
by - Thursday, January 1, 1970 at 12:00 AM
Member
Member
Posts: 37
Threads: 0
Joined: N/A
Reputation: 0

#51
May 23, 2022 at 6:15 AM
(May 23, 2022, 12:03 AM)Himitsu Wrote: WriteUp is available here:


But i'm think you don't really need it as all information on the way to resolve this box are already available in this thread.


thanks
Reply
Member
Member
Posts: 9
Threads: 0
Joined: N/A
Reputation: 0

#52
May 23, 2022 at 6:43 AM
thankzz
Reply
Member
Member
Posts: 3
Threads: 0
Joined: N/A
Reputation: 0

#53
May 23, 2022 at 7:11 AM
(May 23, 2022, 12:03 AM)Himitsu Wrote: WriteUp is available here:


But i'm think you don't really need it as all information on the way to resolve this box are already available in this thread.


Asdf
Reply
Member
Member
Posts: 33
Threads: 0
Joined: N/A
Reputation: 0

#54
May 23, 2022 at 7:21 AM
thanks man
Reply
Member
Member
Posts: 4
Threads: 0
Joined: N/A
Reputation: 0

#55
May 23, 2022 at 7:34 AM
(May 23, 2022, 12:03 AM)Himitsu Wrote: WriteUp is available here:


But i'm think you don't really need it as all information on the way to resolve this box are already available in this thread.


Thank you very much!
Reply
Banned
Posts: 48
Threads: 0
Joined: N/A
Reputation: 0

#56
May 23, 2022 at 8:25 AM
(May 23, 2022, 12:03 AM)Himitsu Wrote: WriteUp is available here:


But i'm think you don't really need it as all information on the way to resolve this box are already available in this thread.


nicezz
Reply
BreachForums User
VIP
Posts: 213
Threads: 0
Joined: N/A
Reputation: 56

#57
May 23, 2022 at 8:35 AM
I found that filename="..//app/app/views.py" is not necessary, since ../ gets filtered out.

All that is needed is filename="/app/app/views.py"

This is because os.path.join(os.getcwd(), "public", "uploads", "/app/app/views.py") evalutes to "/app/app/views.py".
Reply
Banned
Posts: 33
Threads: 0
Joined: N/A
Reputation: 0

#58
May 23, 2022 at 9:44 AM
(May 23, 2022, 12:03 AM)Himitsu Wrote: WriteUp is available here:


But i'm think you don't really need it as all information on the way to resolve this box are already available in this thread.
Reply
Advanced User
Advanced
Posts: 73
Threads: 0
Joined: N/A
Reputation: 11

#59
May 23, 2022 at 9:47 AM
(May 23, 2022, 08:35 AM)Exa Wrote: I found that filename="..//app/app/views.py" is not necessary, since ../ gets filtered out.

All that is needed is filename="/app/app/views.py"

This is because os.path.join(os.getcwd(), "public", "uploads", "/app/app/views.py") evalutes to "/app/app/views.py".


Good catch, indeed
Reply
Advanced User
Advanced
Posts: 73
Threads: 0
Joined: N/A
Reputation: 11

#60
May 23, 2022 at 10:10 AM
Also, just to clarify, members who all thanks should be send are below as mainly guide and help for this box:

@dude4695
@Internetdreams
@Exited3n
@RF0vmM9n87Go

Then thank you.
Reply


 Users viewing this thread: OpenSource - HTB [Discussion]: No users currently viewing.