Hello,
I have a problem with solving the Skills Assessment - File Upload Attacks.
Here are the steps I followed:
- I created a shell.php file with the following code:
يُرجى استخدام الرمز بحذر. مزيد من المعلومات
content_copy
- I used a hex editor to convert the file to JPEG format by adding the following bytes:
FF D8 FF EE
- I changed the file extension to .phar.jpeg.
- I uploaded the file to a website and it was successfully uploaded.
- I tried to view the source code of the file by going to the following URL:
view-source:http://94.237.59.12:38629/contact/user_feedback_submissions/test2.phar.jpeg?cmd=cd%20../../../../../;ls
At this point, I do not get any results, and even viewing the source code does not show any results.
Can some one help me?
Thanks