File Upload Attacks - Client-side Validation

Does anyone remember how to accomplish this exercise? Seems really easy, but I keep running into the “Only images are allowed!” message. I didn’t get the flag earlier, but I came back to it after lunch and started over from scratch. Now I can’t seem to even bypass the client-side validation.

After uploading my basic web shell, I pulled up the browser dev tools and deleted "onchange=“showImage()”. When I click Upload, it still says, “Only images are allowed!”


I have the same problem but i fixed. I recommend you to view this video from the channel of HTB, maybe help you to solve your problem.

Go to 1:24:55 aprox.
Good Luck.


Awesome! Thank you so much!