Web shell upload via Content-Type restriction bypass

Solution

Log in to PA as user wiener

L: wiener
P: peter

Upload payload: webshell.php

Change line: 21 (Content-Type)
from Content-Type: application/x-php to Content-Type: image/

Open location: view-source:https://0a2e00e80314b12d823f06bc006e0048.web-security-academy.net/files/avatars/webshell.php

Line 60, I see:
<img src="/files/avatars/webshell.php" class=avatar>

view-source:https://0a2e00e80314b12d823f06bc006e0048.web-security-academy.net/my-account
---
view-source:https://0a2e00e80314b12d823f06bc006e0048.web-security-academy.net/files/avatars/webshell.php

Submit solution
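
The upload above succeeds because the server's only check is the Content-Type header, which the client controls. The following is an added example, not code from the lab or from this write-up: a header-only check beside a hardened one. The function names, the allowlist and the sample bodies are assumptions made for illustration.

```python
import os
import secrets

# Allowlist (assumed for this example): extension -> leading magic bytes.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
ALLOWED_TYPES = {"image/png", "image/jpeg"}


def weak_check(filename, content_type, data):
    """Weak form: trusts only the Content-Type header the client sent."""
    return content_type in ALLOWED_TYPES


def hardened_check(filename, content_type, data):
    """Return a server-chosen storage name, or None to reject the upload.

    The client-supplied Content-Type is ignored; the decision rests on the
    extension allowlist and on the file's own leading bytes.
    """
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    signatures = ALLOWED.get(ext)
    if signatures is None:
        return None  # .php and every other unlisted extension
    if not any(data.startswith(sig) for sig in signatures):
        return None  # content does not match the claimed extension
    # Random name plus allowlisted extension: user input never reaches the path.
    return secrets.token_hex(16) + ext


# Constructed sample uploads (not taken from the lab).
PHP_BODY = b"<?php /* placeholder script body */ ?>"
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    print(weak_check("webshell.php", "image/png", PHP_BODY))      # header-only check accepts
    print(hardened_check("webshell.php", "image/png", PHP_BODY))  # rejected
    print(hardened_check("avatar.png", "image/png", PNG_BODY))    # random name ending .png
```

Magic bytes alone can be prepended to a script, so the extension allowlist and the server-generated name carry the weight here; serving the avatar directory with script execution disabled closes the remaining gap.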