Portswigger File Upload — Lab 1

Remote code execution via web shell upload

In this lab we have to upload a PHP file that can read the contents of a file called secret. We are given credentials to log in to an account that can update its email address and change its avatar, so this is where a file upload vulnerability can occur.

Here we have the My account option, so log in with wiener:peter.

We can upload an image file from here, so let's make a PHP file that will read the contents of /home/carlos/secret. I tried to upload a PHP web shell that could execute any command, but functions like system, passthru and shell_exec are blocked.

<?php echo file_get_contents('/home/carlos/secret'); ?>

So by using file_get_contents to read the file, we can retrieve the contents required to complete the lab.

Visit any post and you'll get the option to comment on it. Look into the page source and you'll see the URL your avatar is being fetched from.

Then just submit this string to complete the lab
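
The lab works because the avatar upload stores whatever file it is given, under its original name, in a location where the server runs it as PHP. A hardened handler for that kind of avatar upload follows, as an added example that is not part of the lab or of this write-up's original code; the form field name avatar, the AVATAR_DIR path and the function name store_avatar are assumptions.

```php
<?php
// Added example, not the lab's code. AVATAR_DIR, the "avatar" field and
// store_avatar() are assumed names.
const AVATAR_DIR = '/var/www/data/avatars'; // assumed: outside the document root
const MAX_BYTES  = 1048576;                 // 1 MiB size limit

function store_avatar(array $file): string
{
    // Accepted content types, mapped to the extension the server will assign.
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('upload rejected');
    }

    // Decide the type from the file's bytes; the client-supplied filename and
    // Content-Type are attacker-controlled and are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset($allowed[$mime])
        || @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a PNG, JPEG or GIF image');
    }

    // Server-chosen random name and extension, so an upload can never be
    // stored as "*.php". A file that is a valid image and also embeds PHP
    // still passes the checks above, which is why the assigned extension
    // and a non-executable storage location carry most of the weight.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], AVATAR_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['avatar'])) {
    try {
        echo 'stored as ' . store_avatar($_FILES['avatar']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```

Blocking functions such as system, passthru and shell_exec did not protect the secret in this lab, because file_get_contents was enough once the uploaded file executed; the control that matters is that uploads are never interpreted as code.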


Pentester | CTF Player

ARZ101
