Lab #1 Remote code execution via web shell upload

In this video, we cover Lab #1 in the File Upload Vulnerabilities module of the Web Security Academy. This lab contains a vulnerable image upload function. It doesn't perform any validation on the files users upload before storing them on the server's filesystem. To solve the lab, we upload a basic PHP web shell and use it to exfiltrate the contents of the file /home/carlos/secret. We submit this secret using the button provided in the lab banner.

You can log in to your own account using the following credentials: wiener:peter
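The validation this upload function skips, sketched as an added example (it is not part of the lab or the video's materials): a server-side check that allowlists image extensions, confirms the content starts with the matching magic bytes, and returns a server-generated storage name. The function name, allowlist and size limit are assumptions, and the sample inputs are constructed.

```python
import secrets
from pathlib import PurePosixPath

# Assumed allowlist: extension -> magic bytes the content must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

class UploadRejected(Exception):
    """Raised when an upload fails validation."""

def validate_upload(client_name: str, data: bytes, max_bytes: int = 1_000_000) -> str:
    """Return a server-generated storage name, or raise UploadRejected."""
    if not data or len(data) > max_bytes:
        raise UploadRejected("empty or oversized upload")
    if "\x00" in client_name:
        raise UploadRejected("null byte in filename")
    # Drop any directory part the client sent (both separator styles).
    base = PurePosixPath(client_name.replace("\\", "/")).name
    # Require exactly one extension so "x.php.png" style names are refused.
    suffixes = [s.lower() for s in PurePosixPath(base).suffixes]
    if len(suffixes) != 1 or suffixes[0] not in ALLOWED:
        raise UploadRejected("extension not allowed")
    if not data.startswith(ALLOWED[suffixes[0]]):
        raise UploadRejected("content does not match extension")
    # Never reuse the client's name: store under a random name with the vetted
    # extension, in a directory the web server does not execute scripts from.
    return secrets.token_hex(16) + suffixes[0]

# Constructed sample inputs (not taken from the lab).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SCRIPT_SAMPLE = b"<?php /* placeholder script body */ ?>"

if __name__ == "__main__":
    for name, body in [("avatar.png", PNG_SAMPLE), ("shell.php", SCRIPT_SAMPLE),
                       ("avatar.php.png", PNG_SAMPLE), ("avatar.png", SCRIPT_SAMPLE)]:
        try:
            print(name, "->", validate_upload(name, body))
        except UploadRejected as err:
            print(name, "-> rejected:", err)
```

A magic-byte check alone does not prove a file is harmless, which is why the stored name and extension come from the server rather than the client.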

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬

Notes.txt document:

Python script:

PHP web shell:

Web Security Academy Exercise Link:

Rana's Twitter account:
