Skills Assessment - File Upload Attacks

Razien · March 7, 2022, 11:50pm

I stuck on the Skills Assessment - File Upload Attacks.
I don’t find the File Path. Please can someone help me?
thx

onthesauce · March 8, 2022, 12:13am

Hey!

I recommend using one of the methods they mentioned to grab the source code of the web functions/pages.

DM me if you need a bigger nudge!
-onthesauce

discovolante · March 24, 2022, 2:39pm

I can upload what I want, so far so good. Is there are possibility to get to the source code of the upload script? Doing everything blindly did not give me any result so far.

onthesauce · March 24, 2022, 2:51pm

It is possible, in fact I would say it is crucial. Doing so uncovers important information surrounding the whole process.

I recommend going through the upload process a few times normally and observing how it works. I spent a few minutes just uploading legitimate files to see each step in the process. Although, it sounds like you have done so already. As always feel free to DM me.
-onthesauce

ilan20 · April 7, 2022, 5:23pm

Hello,
Can anyone help me? I am block.
I can’t find the file path.
Thx,

onthesauce · April 7, 2022, 11:08pm

Have you found a way to get the source code?
-onthesauce

kannetea · January 13, 2023, 3:39am

Hey! I understand correctly that in order to read the source code you need to download the .svg file and implement XXE? Can’t load svg. What am I doing wrong?

UtopiousSpoon · January 14, 2023, 2:37pm

If I remember correctly you need to upload an .svg file that will read you the source code. My memory is fuzzy on this though.

mmar · January 19, 2023, 2:34pm

I am stuck on uploading .svg file. How to upload it? is there .svg file bypass methods?

johnnyvims · February 8, 2023, 3:13am

if anyone is having a hard time uploading the svg file to read the source code you can use this script to fuzz for extensions

#!/bin/bash
for ext in ‘.svg’ ‘.php’ ‘.phps’ ‘.php8’ ‘.php7’ ‘.php5’ ‘.php4’ ‘.php3’ ‘.php2’ ‘.pht’ ‘.phar’ ‘.phpt’ ‘.pgif’ ‘.phtml’ ‘.phtm’; do
echo “shell.jpg$ext” >> php_whitelist_wordlist_small.txt
echo “shell$ext.jpg” >> php_whitelist_wordlist_small.txt
echo “shell$ext” >> php_whitelist_wordlist_small.txt
done

also if you don’t know php very well like me you can use this and run snippets of code,

" echo $variable; " is good to see the output of how they are constructing strings

if anyone is still having a issue you can feel free to dm me

Duder289 · March 27, 2023, 2:19pm

I’ve been able to upload my file and find where it is being stored but I need a hint on actually accessing that file…

ishsome · April 22, 2023, 6:42am

Read the source code for upload.php carefully. The file is modified before storing.

benlbs · May 24, 2023, 8:14pm

No matter what extension(s), content-type I try, I’m can’t seem to get past, “Only images are allowed.” Someone today told me they successfully uploaded the file using shell.phar.jpeg, but it won’t work for me. What am I missing?

raul42 · September 16, 2023, 12:52pm

Hi, I’m stuck with this assigment. I’ve discovered, allowed extensions, content-type, and magic number but when I use the payload to read upload.php file’s contents I get my payload base64 encoded as a response in all cases. Please, can anyone help?