.png)
6 months ago
34 BOOK THIS SPACE FOR AD
ARTICLE AD
Hey Guy's! How are you?
Sorry to keep you waiting for so long.
Here we’ll see how i was able to escalate an simple Account takeover to RCE. If you haven’t read the first part please read it first here.
So Lets Begin the show!!!!!!!!!
So After login to ADMIN account i observe that there was an functionality via which we were able to update the existing user details or create new users.
So as we already had one user, without wasting much time i tried to update his profile picture with as web shell and guess what i was able to upload the web shell without any validation.
But one point to consider here is that are we able to execute this shell.Well there is only one way to find out.
Lets login to user account, browse to profile section and open the profile picture.BOOOOOM!! we got the shell!!!
Thanks for reading guys.Hope you have liked the article and if you have liked in do share and subscribe!! Till then, Enjoy the life and See you soon.
Bengali (Bangladesh) · 
English (United States) ·