In the section “dev.inlanefreight.local” / image upload it says to change the Content-Type: header to image/png. If I do there’s no longer the error message but the file still doesn’t appear in the /uploads/ dir.
I tried for an hour different methods, like changing the Content-Disposition from multipart/form-data to attachment, actually uploading a png, adding the headers from previous sections etc. Just didn’t work.
Got it working finally using another file type
I just finished this section of the module. It was way too long, but I suppose that’s a good thing.
Reach out if you get stuck.
John
In the section Dealing with The Unexpected where we are going to http://tracking.inlanefreight.local/
I can follow the example and read files fine. But I am struggling with trying to figure out how to actually find the flag. Is there a way to get a reverse shell or run commands here? Thank you!
Hi there!
I am stuck in the exercise: “Use the SSRF to Local File Read vulnerability to find a flag. Submit the flag value as your answer (flag format: HTB{}).”.
I cannot find a flag. Not in the generated PDF document, nor in its properties / metadata, nor in the code, nor can I guess a file name for a flag or its location.
Did anyone find the solution?