Notice: _load_textdomain_just_in_time işlevi yanlış çağrıldı. Translation loading for the perfect-portfolio domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Ayrıntılı bilgi almak için lütfen WordPress hata ayıklama bölümüne bakın. (Bu ileti 6.7.0 sürümünde eklendi.) in /home/margheri/public_html/wp-includes/functions.php on line 6121
Writeup: Web shell upload via extension blacklist bypass - Aleyna Doğan

Aleyna

Portswigger Lab

Writeup: Web shell upload via extension blacklist bypass

updated on

Lab link.

The application has used a blacklist for security, but if we upload the .htaccess file, we can allow any file extension we want on the server. The file with the .php extension does not work.

We make changes to the POST /my-account/avatar request.

Now we can upload files with .l33t extension. We change the extension of our exploit in the repeater and send the request.

We trigger the GET /files/avatars/ request.

More Lab
Tags :

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir