| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | 31 |
- web security academy
- Path Traversal
- 스마트 컨트랙트
- Session Manager
- 정처기필기
- AWS SSM
- 보안 그룹
- web3 보안
- 정처기 필기
- splunk db connect
- web shell
- amazon s3 트리거
- web3
- AWS CLI
- 오블완
- metacodem
- 정처기
- systems manager
- 스마트컨트랙트
- 탈중앙화
- 티스토리챌린지
- aws lambda
- aws 트리거
- 메타코드
- 메타코드M
- 블록체인
- ELB
- File Upload
- metacode
- 정보처리기사
- Today
- Total
목록File Upload (2)
min8282
[File upload] Web shell upload via extension blacklist bypass
This lab contains a vulnerable image upload function. Certain file extensions are blacklisted, but this defense can be bypassed due to a fundamental flaw in the configuration of this blacklist.To solve the lab, upload a basic PHP web shell, then use it to exfiltrate the contents of the file /home/carlos/secret. Submit this secret using the button provided in the lab banner.You can log in to your..
[File upload] Remote code execution via web shell upload
This lab contains a vulnerable image upload function. It doesn't perform any validation on the files users upload before storing them on the server's filesystem.To solve the lab, upload a basic PHP web shell and use it to exfiltrate the contents of the file /home/carlos/secret. Submit this secret using the button provided in the lab banner.You can log in to your own account using the following c..