😼dogcat

Exploiting a PHP application via LFI or breaking out of a docker container.

By going to the website hosted on the IP 10.10.70.235, we are able to see the contents in the screenshot below.

The site hosted.

Upon taking a look at the source code on the home page, we are able to see nothing abnormal so far.

The home page's source code.

Doing the same thing on the "view=dog" and "view=cat" sites and the source code didn't look to be suspicious there either.

I loaded up burpsuite so that I could see if there were any interesting links popping up on the site that were out of the normal.