I'm stuck on the Skills Assessment - File Upload Attacks.
I can't find the file path. Please, can someone help me?
thx
Hey!
I recommend using one of the methods they mentioned to grab the source code of the web functions/pages.
DM me if you need a bigger nudge!
-onthesauce
I can upload what I want, so far so good. Is there a possibility to get to the source code of the upload script? Doing everything blindly has not given me any result so far.
It is possible, in fact I would say it is crucial. Doing so uncovers important information surrounding the whole process.
I recommend going through the upload process a few times normally and observing how it works. I spent a few minutes just uploading legitimate files to see each step in the process. Although, it sounds like you have done so already. As always feel free to DM me.
-onthesauce
Hello,
Can anyone help me? I am blocked.
I can't find the file path.
Thx,
Have you found a way to get the source code?
-onthesauce
Hey! Do I understand correctly that in order to read the source code you need to download the .svg file and implement XXE? I can't load the SVG. What am I doing wrong?
If I remember correctly you need to upload an .svg file that will read you the source code. My memory is fuzzy on this though.
I am stuck on uploading the .svg file. How do I upload it? Are there .svg file bypass methods?
If anyone is having a hard time uploading the .svg file to read the source code, you can use this script to fuzz for extensions:
#!/bin/bash
# Write three name variants per extension into the wordlist:
# name.jpg.ext, name.ext.jpg and name.ext
for ext in '.svg' '.php' '.phps' '.php8' '.php7' '.php5' '.php4' '.php3' '.php2' '.pht' '.phar' '.phpt' '.pgif' '.phtml' '.phtm'; do
    echo "shell.jpg$ext" >> php_whitelist_wordlist_small.txt
    echo "shell$ext.jpg" >> php_whitelist_wordlist_small.txt
    echo "shell$ext" >> php_whitelist_wordlist_small.txt
done
Also, if you don't know PHP very well (like me), you can use this and run snippets of code;
" echo $variable; " is good for seeing the output of how they are constructing strings.
If anyone is still having an issue, feel free to DM me.
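The other side of the same extension list is the check an upload handler should be doing so that none of those name variants gets through. The following is an added example for this thread, not code from HTB Academy or from any poster: it validates an upload by rejecting any interpreter extension in any dot-separated segment of the name, allowing exactly one extension from an allowlist, sniffing the leading bytes to confirm the content really is the claimed image type, refusing SVGs that carry a DTD or entity declaration (the XXE vector discussed above), and then storing the file under a server-chosen random name whose extension comes from the sniffed content rather than from the client. The allowlist, the magic-byte table and the function names are assumptions for illustration.

```python
"""Defensive upload validation (added example; policy values are assumptions)."""
import re
import secrets

# Image types this (assumed) endpoint accepts, by canonical extension.
ALLOWED = {"jpg", "jpeg", "png", "gif", "svg"}

# Extensions a PHP-enabled web server may hand to an interpreter; a name that
# carries any of these in ANY dot-separated segment is rejected outright.
EXECUTABLE = {
    "php", "phps", "php2", "php3", "php4", "php5", "php7", "php8",
    "pht", "phar", "phpt", "pgif", "phtml", "phtm",
}

# Leading-byte signatures for the raster formats (assumed table).
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
CANONICAL = {"jpeg": "jpg"}  # alias -> canonical extension

_SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
_DTD = re.compile(rb"<!\s*(DOCTYPE|ENTITY)", re.IGNORECASE)


def content_kind(content):
    """Classify the upload from its bytes alone, ignoring the client filename."""
    for kind, sigs in MAGIC.items():
        if content.startswith(sigs):
            return kind
    head = content.lstrip(b"\xef\xbb\xbf \t\r\n")  # skip BOM and whitespace
    if head.startswith((b"<?xml", b"<svg")):
        return "svg"
    return None


def validate_upload(filename, content):
    """Return (ok, reason); ok is True only when name and bytes pass every check."""
    parts = filename.lower().split(".")
    if any(p in EXECUTABLE for p in parts):
        return False, "interpreter extension present in filename"
    if len(parts) != 2:
        return False, "exactly one extension required"
    stem, ext = parts
    if not _SAFE_STEM.match(stem):
        return False, "stem contains characters outside [A-Za-z0-9_-]"
    if ext not in ALLOWED:
        return False, f"extension .{ext} not allowed"
    kind = content_kind(content)
    if kind != CANONICAL.get(ext, ext):
        return False, "content does not match extension"
    if kind == "svg" and _DTD.search(content):
        return False, "svg with DTD or entity declaration rejected (XXE risk)"
    return True, "ok"


def storage_name_for(content):
    """Server-chosen name: random stem plus an extension derived from the bytes.
    Returns None when the content is not a recognised image."""
    kind = content_kind(content)
    if kind is None:
        return None
    return f"{secrets.token_hex(8)}.{kind}"


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 12
    svg_ok = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>'
    svg_dtd = b'<?xml version="1.0"?><!DOCTYPE svg><svg/>'
    for name, data in [("photo.jpg", jpeg), ("shell.php.jpg", jpeg),
                       ("shell.jpg.php", jpeg), ("shell.phar", jpeg),
                       ("shell.jpg", b"not an image"), ("logo.svg", svg_ok),
                       ("logo.svg", svg_dtd)]:
        print(f"{name:16} -> {validate_upload(name, data)}")
    print("stored as:", storage_name_for(jpeg))
```

Note the order of checks: the name is judged before the bytes, and the bytes decide the stored extension, so a request that passes the name checks with mismatched content still never lands on disk under a client-controlled name.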
I’ve been able to upload my file and find where it is being stored but I need a hint on actually accessing that file…
Read the source code for upload.php carefully. The file is modified before storing.
No matter what extension(s) or content-type I try, I can't seem to get past "Only images are allowed." Someone today told me they successfully uploaded the file using shell.phar.jpeg, but it won't work for me. What am I missing?
Hi, I'm stuck with this assignment. I've discovered the allowed extensions, content-type, and magic number, but when I use the payload to read the contents of upload.php I get my payload base64 encoded as the response in all cases. Please, can anyone help?
I thought of an approach, just guide me whether I am correct or not…
I would first try to upload an .svg file with an XXE script which would give me the source code of "submit.php", which is the page we get redirected to by default.
Then after using that source code I would get the path where the files are being uploaded.
Finally I would upload a .php shell and gain RCE to get the “flag”.
Please help if I am thinking the right way.
Whenever I try to upload the .svg file I get an internal server error. None of the magic bytes seem to work either.
I was getting this too, until I switched to PwnBox - then I got it first try. It must be something about my home network that’s messing with the request…
Anyone able to help me? I am able to retrieve and view the /etc/passwd file but am stuck there, I tried to point to other files but always get a 500 internal error.
The reading part is useful to extract the source. Once you do that, you understand you need to point the URL at one of your uploaded files to execute some PHP code. If your PHP code doesn't get executed, try other PHP extensions; some are executed by the server while some aren't.