Web Shell Upload via Obfuscated File Extension

Published: 22 May 2023
Channel: Intigriti

👩‍🎓👨‍🎓 Learn about File Upload vulnerabilities. Certain file extensions are blacklisted in this lab, but this defense can be bypassed using a classic obfuscation technique. To solve the lab, we'll upload a basic PHP web shell and use it to exfiltrate the contents of a "secret" file.

Overview:
0:00 Intro
0:12 Background: File upload vulnerabilities
0:31 Background: Obfuscating file extensions
3:42 Challenge info
4:20 Upload standard PHP webshell
5:00 Filter bypass
6:37 Remediations
7:57 Conclusion

For more information, check out https://blog.intigriti.com/hackademy/...

🔗 Portswigger challenge: https://portswigger.net/web-security/...

🧑‍💻 Sign up and start hacking right now - https://go.intigriti.com/register

👾 Join our Discord - https://go.intigriti.com/discord

🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti

👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com