AchN30

[LFI] Quick.Cart v6.5 admin.php:: ... SNIP ... extract( $_GET ); define( 'ADMIN_PAGE', true ); ... SNIP ... Funny, passing user input directly to extract x) --- We will need this later... admin.php:: ... SNIP ... require 'database/config/general.php'; ... SNIP ... Lets digg here :p database/config/general.php:: ... SNIP ... $config['change_language_to_polish'] = true; if( !defined(...

In the CTF IRC Channel (irc://freenode.net/forbiddenbits) we see in description: //try to have fun with our bot :D So we tried to execute some commands, and we got some of them "!", "!help" , "!flag", "!hidden", ... [16:26] <AchN30_> !help [16:26] <[FB]BOTx> 8,1 ima stupid bot : Hidden Challenge 01: [16:50] <AchN30_> !flag [16:50] <[FB]BOTx> Here's Your...