Academy - Whitelist Filters

I got some problems with the Whitelist Filters module question. I tried to use different techniques and got many alternative solutions to bypass the filters getting the “successful upload” message. The problem seems that the “successful upload” doesn’t correspond to an effective upload of the file into the profile_images folder.

Need some hint…

Never mind. Solved rewriting the wordlists.
Sometimes we need to go back to the beginning of the journey to find the right track…

1 Like

Hello, my congrats :slight_smile:
Can you please help with this?
I get OK result on upload files with those symbols, but don’t know how to send request with some already URL encoded chars, as %0a, etc…

You’ve used browser and URL encoded all the string to make request? curl only downloads php page :frowning:

The same, my problems were in unticking checkbox with URL encoding in Burp and I haven’t knew not blacklisted extention
Use only this one from previous exercise and be happy :slight_smile: