PortSwigger Lab: Web shell upload via path traversal | WalkThrough

Introduction

Hello everyone , in this post I will be showing the writeup of BurpSuite Lab (Web shell upload via path traversal) . After signin in we can see a avatar upload function , here we are going to upload a php webshell . The default folder where avatars are being kept has php_flag engine off in .htaccess file. Then we will apply LFI vulnerability with file upload vulnerability to bypass it and complete this lab.

Target

This lab contains a vulnerable image upload function. The server is configured to prevent execution of user-supplied files, but this restriction can be bypassed by exploiting a secondary vulnerability.

To solve the lab, upload a basic PHP web shell and use it to exfiltrate the contents of the file /home/carlos/secret. Submit this secret using the button provided in the lab banner.

You can log in to your own account using the following credentials: wiener:peter

Detection

Login with the credentials given to us.

After login we can see a avatar upload function lets try to upload some php web shells.

Kali already has web-shells and here I am going to use qsd-php web-shell .

There are other builtin web- shells also u can see full list here.

right click on the image the click on view image.

It looks like php is not working as intended.

Lets try to use another web-shell [wwwolf-php-shell].

Failed again

Exploitation

May be we can put our web-shell in some other folder .

Result : Failed

It has been uploaded but we can not access that file. But what we can see here is a LFI vulnerability.

Result : Failed

yesss!! , it worked.

But the problem is the commands are not working here maybe we can upload a file that already execute php commands .

and it worked.

submit that secret to complete that lab.

Now lets see why our php code was getting blocked.

Code — Analysis

  1. .htaccess file is blocking our php code from working as intended. u can read more about this here.

--

--

--

eJPT | eCPPT | DarkArmy CTF Player

Love podcasts or audiobooks? Learn on the go with our new app.

InvArch Weekly(12/10/2021): Significant Technological and Community updates from InvArch Network

HackTheBox: Money Flowz OSINT Challenge

Meet us at Nantes P2P

How secure is your site?

An Aggregated Understanding of Vulnerability Analysis of CVE-2019–0752

Cyberdefenders.org — Boss of the SOC v1 Walkthrough

5 Evidences That You Are Successful at THREAT INTELLIGENCE

{UPDATE} Rivals Dead Shooter Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
WraithOP

WraithOP

eJPT | eCPPT | DarkArmy CTF Player

More from Medium

Journey to the first 2 CVEs

FFUF (Attacking web application with FUFF) — Academy Hackthebox

Utilization of OWASP Tools to protect against XSS vulnerabilities

HTB -Previse Walkthrough