1.3 KiB
Portswigger File Upload - Lab 1
Remote code execution via web shell upload
In this lab we have to upload a php file which can read contents from a file callled secret. We are given the credentials through that we can login to an account which can update his email address and can change his avatar , so this where file upload vulnerability can occur
Here we have an option Myaccount ,so login with wiener:peter
We can upload the image file from here , so let's make a php file which will read the contents from /home/carlos/secret , I tried to upload a php web shell which could execute any commands but functions like system , passthru , shell_exec are blocked
<?php echo file_get_contents('/home/carlos/secret'); ?>
So by using file_get_contents to read file we can retrieve the file that is required in order to complete the lab
Visit any post , and you'll get the option to comment on it , look into the source code , you'll see the url from your avatar is being fetched from
Then just submit this string to complete the lab