Info:
This lab contains a vulnerable image upload function. It doesn't perform any validation on the files users upload before storing them on the server's filesystem.
Goal:
To solve the lab, upload a basic PHP web shell and use it to exfiltrate the contents of the file /home/carlos/secret. Submit this secret using the button provided in the lab banner.
You can log in to your own account using the following credentials: wiener:peter
First I will log in with wiener:peter and go to /my-account.
I will choose a file and upload it.
What's the file I will upload?
I will upload a PHP file that exfiltrates the content of /home/carlos/secret.
If you don't know PHP you can use ChatGPT to code it.
<?php
// print the contents of the target file back in the HTTP response
echo file_get_contents('/home/carlos/secret');
?>
It just prints the content of the secret file using the built-in function file_get_contents.
Save it as shell.php.
Upload this file and click on upload.

Oh, it accepted it. There is no validation on the server side, so the file is stored as-is and will be executed as PHP when requested. Go to Burp and send a GET request
for this endpoint: GET /files/avatars/shell.php
and send the request.
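The root cause is that the avatar handler stores whatever it receives under its original name in a directory the server executes PHP from. As an added example (not the lab's own code), this is what a hardened handler for the same upload looks like: it allowlists extensions, checks the real file bytes rather than the client-supplied type, and stores the file under a server-chosen name. The form field name "avatar", the directory, and the size cap are assumptions, and the directory must additionally be configured so PHP is never executed from it.

```php
<?php
// Added example (not the lab's code): hardened replacement for an avatar
// upload handler that accepted shell.php. Assumes the form field is named
// "avatar" and that UPLOAD_DIR is served with PHP execution disabled.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/files/avatars';   // assumed storage location
const MAX_BYTES  = 1024 * 1024;                  // assumed 1 MiB cap
const ALLOWED    = [                             // extension => expected MIME type
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
];

// Returns the validated extension or throws; nothing touches disk until then.
function validate_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('invalid or oversized upload');
    }
    // Derive the extension from the basename only and reject anything not on
    // the allowlist, so shell.php and shell.phtml are refused outright.
    $ext = strtolower(pathinfo(basename($file['name']), PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // Inspect the actual bytes; $file['type'] is chosen by the client and is
    // not trustworthy. A PHP script renamed to .png fails this check.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    return $ext;
}

$ext = validate_upload($_FILES['avatar'] ?? []);
// Server-chosen random name: the client-supplied filename never reaches disk.
$name = bin2hex(random_bytes(16)) . '.' . $ext;
if (!move_uploaded_file($_FILES['avatar']['tmp_name'], UPLOAD_DIR . '/' . $name)) {
    http_response_code(500);
    exit('could not store file');
}
echo 'stored as ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
```

Even with these checks, serving uploads from a directory where the web server will not run PHP (or from a separate static host) is what turns a bypass into a harmless download instead of code execution.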
