all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

PortSwigger — LAB-5 Web shell upload via obfuscated file extension (Bug Bounty Prep)[by…

Add to bookmarks
Feb. 18, 2024, 8:31 a.m. | dollarboysushil

InfoSec Write-ups - Medium infosecwriteups.com

PortSwigger — LAB-5 Web shell upload via obfuscated file extension (Bug Bounty Prep)[by dollarboysushil]

Link to lab: https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-obfuscated-file-extension

For any correction / query /suggestion contact on
Instagram dollarboysushil
Twitter (X) dollarboysushil
Youtube dollarboysushil
Linkedin dollarboysushil
Discord https://discord.gg/5jpkdeVLevel : Intermediate — . Highly recommended to solve previous labs

Login with given credentials.

Our Aim is to read content of /home/carlos/secret
For which, we will use this simple php code.

<?php echo file_get_contents('/home/carlos/secret'); ?>

This php code uses file_get_contents to read …

bug bounty cybersecurity ethical hacking portswigger web app security

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Private Interact.sh server setup with a web dashboard 1 day, 18 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking tools +1
Understanding 403 Bypass: A Critical Vulnerability in Web Application Security 2 days, 18 hours ago | infosecwriteups.com
403 bypass access application applications +28
Hack Stories: Hacking Hackers EP:3 3 days, 18 hours ago | infosecwriteups.com
big bug bounty cybersecurity hack +9
Mastering Shodan Search Engine 4 days, 19 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity information security +1
Email Verification Bypass via Remember Me 4 days, 19 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking pentesting +1
Exploiting Symlinks: A Deep Dive into CVE-2024–28185 and CVE-2024–28189 of Judge0 Sandboxes 4 days, 19 hours ago | infosecwriteups.com
attacks code code execution continue +15
Typo Trouble: Exploring the Telegram Python RCE Vulnerability 4 days, 19 hours ago | infosecwriteups.com
address alerts application concept +25
Active DNS Recon using AXIOM 4 days, 19 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity infosec +1
Information Disclosure: Story of 500€ + 400$ Bounty 4 days, 19 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking information technology +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Salesforce Solution Consultant

@ BeyondTrust | Remote United States
View on infosec-jobs.com

Divisional Deputy City Solicitor, Public Safety Compliance Counsel - Compliance and Legislation Unit

@ City of Philadelphia | Philadelphia, PA, United States
View on infosec-jobs.com

Security Engineer, IT IAM, EIS

@ Micron Technology | Hyderabad - Skyview, India
View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

Werkstudent Cybersecurity (m/w/d)

@ Brose Group | Bamberg, DE, 96052
View on infosec-jobs.com
View more jobs