Exploiting a File Upload Vulnerability - MetaCTF
- Published 23 Aug 2024
- Follow me - beacons.page/shenetworks
This challenge was a part of a Black Hills Information Security miniCTF
Cyber Range - www.antisyphon...
BHIS Twitter - / bhinfosecurity
Backdoor - gist.github.co...
I really enjoyed this. The break down was top-notch and easy to follow. Thanks.
The last time I heard what sounded like 'rubber keys' was on my Sinclair 48K back in the 1980s, lol. If you've bought a keyboard with rubber keys, junk it. Life's too short. Anyway, great video as always. And thanks for the FREE education, it's very much appreciated. Can't wait till next vid. 😚
So awesome to learn by watching you do this CTF.
Love the video! Thanks for sharing your knowledge.
Excellent content! Keep it up.
well, this exploit is IMPOSSIBLE... I have no idea how that server parsed a PNG as PHP, that might be part of the CTF but in the real world, it's impossible
Hey dude do you have any idea if the server converts the image to base64 and then appends it in src of img tag instead of relying on image path, then is there any way to go further?
Hey I just tried in a local php server to see if it works. Unfortunately it doesn't. I saw this method last day tried adding in multiple paths in an image. Still doesn't. This won't work in an Apache server or a php?
kool enjoyed, look forward to some more
how to learn find vulnerability ?
currently very similar challenge in picoCTF
holy videos LETS GOOOOOOOOOOOOOO!
When I tried this on my local machine with apache web server, my server is not returning the image data as shown in your video instead of that my server is rendering the image. I don't understand that how in your browser the image is not rendering and server is giving the image data as text.
Thank you for your hard work 😄
Thank you !! :)
what if there is permission, that outputting "Acess denied" in page?
Awesome!
Good stuff
👍👍
Assalam aleykum every man an and women must cover their bodies according to islam
She's not muslim
lol woman
Omg. You're the most beautiful hacker I have ever seen. As a fellow pentester I see many people on a daily basis but you are incredible.
simp
Lmfaoo you can’t be serious Lmfaoo not the place to shoot your shot
Friend I like learning Cybersecurity..... Please help me friend...?
U can exploit Hadjis file anyday
contains a virus so the upload was canceled: YARA.php_in_image.UNOFFICIAL FOUND pls help