Alexeyan / CVE-2009-4137

Exploit for piwik CVE-2009-4140 RCE

Piwik 0.4.5 #1

Open marius-benthin opened 5 years ago

marius-benthin commented 5 years ago

Hello Alexeyan, I am currently trying to exploit a test machine with Piwik 0.4.5 installed on it. Unfortunately this version validates the cookie session length, which cannot be longer than 128 characters. Do you have any suggestion to reduce the cookie length down to 128 chars?


Alexeyan commented 5 years ago

Since I'm 95% sure you are doing the same lab that made me develop this exploit, I'm leaving it to you to find a workaround.

Good luck!

Unbrick commented 4 years ago

Hey there,

Any chance you can give some sort of hint? I've been struggling with the same issue as @marius-benthin for a few days.

Alexeyan commented 4 years ago

Try to understand the bug behind it. Read the advisory from sektioneins.

Some parts of the exploit data can be omitted or shortened. PHP has other filters that do not expand the length, like base64 does. Maybe you can split exploiting this into multiple parts and first drop a different, shorter kind of file?

It depends on the scenario. Oh and check if it really is the correct version. I remember multiple different Piwik challenges.

dIELERx commented 4 years ago

Hey guys,

I am stuck at the same issue. Did any of you get a working solution or any more hints?

Tried to shorten it as much as possible, but still no success. Splitting it into multiple parts might be an option, but I have no clue how to do that ;D

Thanks

cryptoluks commented 4 years ago

Hi, I also did the lab a while ago. If I remember correctly, you do not need to shorten or split it at all. And I am not sure if you are using the correct cookie.

Just keep digging :smile:

dIELERx commented 4 years ago

> Hi, I also did the lab a while ago. If I remember correctly, you do not need to shorten or split it at all. And I am not sure if you are using the correct cookie.
>
> Just keep digging 😄

Thanks for your answer. Actually, I am not sure if I am using the correct cookie 😄. I installed this old Piwik version on a separate VM and did a successful login. I then modified this cookie, added the value from the PHP exploit, and used it on the machine I am trying to enter.

ghost commented 2 years ago

I'm stuck at this as well. I tried shortening the cookie by entirely removing the Zend_Config object because it doesn't seem to be necessary, right? At least when looking at the source code provided by sektioneins, it doesn't seem to be used in the exploit. All the variables

$configFileUpdated
$doWriteFileWhenUpdated
$correctCwd
$pathIniFileUserConfig
$userConfig

seem to be necessary. The problem is that even if I shorten everything down to the minimum, the cookie is still much longer than 128 characters. Could somebody help me out here?