Commit

Code: Fix a bit typo
Jerit3787 committed Dec 16, 2023
1 parent 20b3437 commit a13ba81
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions _posts/2023-12-17-wargamesmy-2023-writeup.md
Expand Up @@ -47,7 +47,7 @@ I've launched Burp Suite and started analysis the backend.

![](/assets/img/posts/image2.png)

From the response, we can take a look at its PHP version `7.4.21`. Since, there is no way to do LDF (Local Directory Inclusion), I've searched the internet if we could see a bug in this version. Suprisingly, I've found one that allows us to obtain server code here.
From the response, we can take a look at its PHP version `7.4.21`. Since, there is no way to do LFI (Local File Inclusion), I've searched the internet if we could see a bug in this version. Suprisingly, I've found one that allows us to obtain server code here.

Based from the web "[https://blog.projectdiscovery.io/php-http-server-source-disclosure/](https://blog.projectdiscovery.io/php-http-server-source-disclosure/)", you can manipulate the internal server code to force publish the php code. This bug is fixed on later releases `PHP 7.4.22+`.
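
Review bot: The rewritten line at 50 still contains the misspelling "Suprisingly" and the stray comma in "Since, there", so a commit described as a typo fix leaves two typos in the line it touches; change them to "Surprisingly" and "Since there". The line also ends with "obtain server code here" without a link, while the URL only appears in the next paragraph, so either link "here" or drop the word. The linked post's slug is "php-http-server-source-disclosure", so it would help to say the bug is in PHP's HTTP server rather than leaving it as "a bug in this version".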

Expand Down Expand Up @@ -135,7 +135,7 @@ $flag="flag{fakeflag_dontsubmit}";

This is where is my mistake, I first thought that the flag is generated on the server then replacing this fake flag. So, I've completed on passing every check only to know that I've obtained again the fake flag (not written here tho). From here, I've proceed on bypassing everything on the `index.php` file.

Apart from that, other interesting here is the `echo $_POST['func']($value);`. This line shows that we could inject a function and run server-side code from here. Plus, we don't need to search ways to get it to output the code since `echo` is here which causes us to find a PHP code that can give direct output. But, there is a check in place for the `func` attribute.
Apart from that, other interesting here is the `echo $_POST['func']($value);`. This line shows that we could achieve RCE (Remove Code Execution) and run server-side code from here. Plus, we don't need to search ways to get it to output the code since `echo` is here which causes us to find a PHP code that can give direct output. But, there is a check in place for the `func` attribute.

`if(in_array($_REQUEST['func'], ['is_string','is_null','is_numeric']))`
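
Review bot: The added line at 138 expands RCE as "Remove Code Execution"; it should read "Remote Code Execution", otherwise this typo fix introduces a new typo. The previous wording, "inject a function", described what `echo $_POST['func']($value);` allows more concretely, so consider keeping it alongside the acronym, for example "we could inject a function name and achieve RCE (Remote Code Execution)". In the same line, "`func` attribute" would be clearer as "`func` parameter", since the quoted check reads it from `$_REQUEST['func']`.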
