File Upload Attacks - Skills Assessment

Hi everyone,
Having trouble getting the upload to work for the happy case. If I browse and select a png file the name appears and when I click submit it sends a GET request with the message details and only the filename. I cannot detect the image data being sent at all. Is this by design? Also there is this green square that submits as well, but no image data upload.

1 Like

Try to intercept with burp when you upload and click on the green square. And you will see the request :smiley:

3 Likes

I’ve done this with a clean pwnbox & target, there is no request that includes image data, only the GET with 4 parameters including the image file name gets sent.
Clicking browse, selecting image and then clicking the green square just gives the reponse “Thank you for submitting your feedback”, repeating with Submit button give the same results. (also nothing in inspector network).

I tried changing the filename to something obviously invalid (php) and it still accepts?

Ok I got it, I could see the js code for the POST and was wondering why it wasn’t triggering. ParrotOS stock firefox plugins were blocking.
Thanks!

Anyone get to find the upload path? Tried may ways but no luck…

Just got the flag. Careless and rush are always the key enemy.

2 Likes

i need help,how can i find the path of the file i upload

Hi! Do you mean the upload directory or the uploaded payload itself?

payload

hah pal, I have the same issue.)

:neutral_face:

Text me, I will support you!

Thanks Satellite!
I just succeeded.
I would recommend try to understand the appropriate sample of the found code.

I feel like I’ve read every line of source start to finish and I still can’t seem to figure out where the file is going. Can you give me a nudge on what bit of source code I should be examining?

After the upload directory is found you should find out your payload filename. To do this you should understand payload naming algorithm that is its appropriate code.

Oh my gooosh hahaha. I didn’t know that was are a botton, I thought that are a only label for the file upload LOL. TY so much bro.

I’m kind of hung up too.
I deciphered the code. But in the end, I did not understand the way)

Did you gain access to the right .php file?

I have calculated the extension of the non-blacklisted and the allowed content type header.
I add at the end (.jpg) it loads.
But I’m not quite sure if I’m doing the right thing.
(if you do not add this extension at the end and do not correct the MIME-Type, then the file simply will not load.)

1 Like

So I got as far as getting the /etc/passwd to display. I am struggling to find the upload directory. I did get the source code for index.php but I don’t feel like its the right file to indicate where the upload path is. Can someone point me in the right direction? Thank you.