Let’s play a game: what is the deadly bug here?

Channel:

Subscribers:

921,000

Published on January 27, 2018 2:47:18 AM ● Video Link: https://www.youtube.com/watch?v=MpeaSNERwQA

Duration: 12:54

485,932 views

15,394

This short php code contains a critical vulnerability. In this video I will explain in detail what I think while analysing it.

Original source of challenge: https://www.securify.nl/en/blog/SFY20180101/spot-the-bug-challenge-2018-warm-up.html
Link to tweet: https://twitter.com/xxByte/status/951499972582703104

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#CodeAudit #WebSecurity

Other Videos By LiveOverflow

2018-03-30	ey! Look for patterns
2018-03-23	Fuzzing with radamsa - Short
2018-03-16	Linear independence and GF(2) - 34C3 CTF software_update (crypto) part 2/2
2018-03-09	Python code audit of a firmware update - 34C3 CTF software_update (crypto) part 1/2
2018-03-02	Global variable Buffer Overflow to leak memory - 34C3 CTF readme_revenge (pwn)
2018-02-23	CSS Keylogger - old is new again
2018-02-16	STOP WASTING YOUR TIME AND LEARN MORE HACKING!
2018-02-10	MMORPG Bot part 2 - Some thoughts on the data
2018-02-09	MMORPG Bot Reverse Engineering and Tracking
2018-02-02	heap0 exploit speedrun & weird ASCII string on the Heap - bin 0x28
2018-01-26	Let’s play a game: what is the deadly bug here?
2018-01-19	TROOPERS 17 Badge ft. BadgeWizard
2018-01-12	Identifying UART and main() in an AVR firmware (ft. Zeta Two) part 1 - rhme2
2018-01-05	Regular expression as Finite-state machine - Short
2017-12-29	TROOPERS 17 - PacketWars solved with an iPhone
2017-12-22	Searching for Bitcoins in GitHub repositories with Google BigQuery
2017-12-15	Adapting the 32bit exploit to 64bit for format4 - bin 0x27
2017-12-08	Some thoughts on Mobile App Security - is it FUD?
2017-12-01	format2 on a modern Ubuntu - bin 0x26
2017-11-27	Looking for Feedback - Link to Survey in the Description
2017-11-24	Stack grooming and 100% reliable exploit for format0 - bin 0x25

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial

php

php hmac

hmac

vulnerability

bug

critical

severe

fail

php bug

php exploit

web hacking

php hacking

php website

php challenge

ctf

game hacking

hacking process

step by step

tutorial

hacks

hack

php reversing

nonce

sha256

hash_hmac

exec

system

code exec

remote exploit