200 - MyFileUploader - Web#
This is my new file uploader server. I bet you can't hack it!
Well, I bet I can. We are presented with a very basic uploading webpage as you can see :
Let's go ahead and try to upload this very cute, basic
.jpg picture :
Works. And as we can see, it also gives us the path where we can find this picture on the server :
Before exploring this path, let's try to upload a very simple webshell named
shell.php. It is actually Arrexel's script, as I find it very handy.
Nope. Doesn't want it, not surprisingly. After I tried different things, I understood I only needed to put
.gif anywhere in the name of the file. So the server would still take
evilshell.jpg.php as a valid input, but it would automatically erase
.php if present at the end of the filename. That was a problem.
Then I went to explore the path
/uploads and I found a directory called Don't open. Guess what? I opened it.
Inside was lying a
.htaccess file with a very interesting content :
This means that any file ending with the home-made extension
.cyb3r will be processed by the server as php code. Nice.
It was actually pretty straight forward after that.
Let's take our phpbash shell and rename it to
shell.png.cyb3r, then upload it.
Worked! The moment of truth now... Let's navigate to our upload path and...
Yep! Got a webshell, thanks to Arrexel. :smile:
Now let's just list what's inside this exciting
7H3-FL4G-1S-H3r3 folder :
Interesting use of
.htaccess which I never heard about before. Also, felt nice to use Arrexel's script again.