This level is almost identical to the previous, except for some minor input sanitation. The script is now checking for the existence of three characters, “;”, “|”, and “&” in the user input. If they are found we receive an error message. See for yourself:
The great thing about this is that none of those characters are required for us to cause unintended results here. We can use the same attack string from the previous level. The only difference is that dictionary.txt will be searched as well because we are not ending our command with a “;” as before. The code will end up looking like this:
passthru("grep -i .* /etc/natas_webpass/natas11 dictionary.txt");
And the win:
