HackThisSite.org Basic Web Level 7
In this level our background information is:
This time Network Security sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:Enter the year you wish to view and hit ‘view’.
This is a fun little level it shows how you can inject unix commands into poorly written perl scripts. What Sam has done is created an obscurely name php script that holds an unencrypted password. Sam is showing off his talent by creating a calendar program written in perl. When used correctly the perl script returns a calendar for the year you type in the text box.
Hint: You will need more than one UNIX command to pass this level. Think about how you will enter more than one command and which commands you will need to use to list the files. You will need to change directories and list the files.