Many web applications allow users to upload files (e.g. images, music files, etc.). Uploaded files can create significant risk if they are not handled securely. The impact of a file upload vulnerability varies depending on how the file is processed and where it is stored.
The impact of this vulnerability is high: code can be executed in the server context or on the client side. The likelihood of detection for the attacker is high. The prevalence is common. As a result, the severity of this type of vulnerability is high.
What you will learn
After completing this scenario you will know how to bypass naive extension checks that are sometimes used to try to restrict the type of file being uploaded.
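For the defensive side of the extension checks mentioned above, the following added example (not part of the scenario or its web application) contrasts a naive substring check with a stricter validator. The allowlist, function names and sample uploads are assumptions constructed for illustration.

```python
import os
import secrets

# Assumed policy for this example: image uploads only, each extension
# mapped to the magic bytes a file of that type must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def naive_check(filename):
    """Weak check: accepts any name that merely contains an image extension."""
    return any(ext in filename.lower() for ext in ALLOWED)

def validate_upload(filename, data):
    """Return a server-generated storage name, or raise ValueError."""
    # Drop any client-supplied directory part (both separator styles).
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base:
        raise ValueError("NUL byte in filename")
    # Only the final extension decides the type, compared case-insensitively.
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise ValueError("extension not allowed: %r" % ext)
    # Sanity check that the content starts like the claimed type. It does not
    # prove the file is harmless: still store it outside the web root.
    if not data.startswith(ALLOWED[ext]):
        raise ValueError("content does not match extension")
    return secrets.token_hex(16) + ext

def accepted(filename, data):
    try:
        validate_upload(filename, data)
        return True
    except ValueError:
        return False

# Constructed sample uploads: (client filename, first bytes of the body).
PNG_HEAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
SAMPLES = [
    ("holiday.PNG", PNG_HEAD),
    ("avatar.png.php", PNG_HEAD),
    ("logo.gif", b"plain text, not an image"),
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(name, "naive:", naive_check(name), "strict:", accepted(name, body))
```

The naive check accepts all three sample names, while the stricter validator accepts only the first.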
To complete this scenario, it is important to understand how to get a shell (establish a persistent connection) on the target machine. More importantly, only bind shells will work for this scenario, meaning you connect to the target rather than forcing the target to connect back to you (otherwise known as a reverse shell).
This scenario contains one virtual machine running a web application in a docker container.
- TIME: 30 MINUTES
- COST: 10 CRYSTALS