Remote code execution via web shell upload

This lab contains a vulnerable image upload function. It doesn't perform any validation on the files users upload before storing them on the server's filesystem.

To solve the lab, upload a basic PHP web shell and use it to exfiltrate the contents of the file /home/carlos/secret. Submit this secret using the button provided in the lab banner.

You can log in to your own account using the following credentials: wiener:peter

I actually had to use the walk-through on this one, log into the the account your given and upload your picture to the avatar. I did try get a revers shell but i wasn't getting any responds on netcat with know file uploads.

Last updated