Challenge : Buggy
The challenge is about bypassing 403 error along with file upload vulneribility and LFI.
When we entered the website there’s a login form and a link to register. After clicking on register we see a
403 Forbidden error.
Looking at this, thought we can bypass it which is smuggling the request to get registered. After some googling i found a way to bypass it
Intercepting the request with burp and forwarding it, our registration is successful.
Logging in, we find a file uploader which accepts any file extension. Uploading the file, it removes the uploaded file extension and convert the file name to a hash.
I thought of getting a PHP Shell and uploaded a php file.
After uploading the php, there’s an option to
include the file. We get a page with following details
The file has been uploaded to: /var/www/uploads/df0f1a1ac715de9266c8d8391769156a
To include the file, use ?include=
Here we get
include option allows only the content of
http (or) https.
The final payload for LFI will be
After getting the shell,
cat the files in directory.
The flag is in
A growing collection of the writeups that I've written in Web.