Thank you Intigriti. I find these short videos easy to understand and extremely helpful for my learning.
Glad you like them! Going over all our videos should give you a solid base!
And there is more to come every week :)
This was very smooth! ❤️ Your tone of voice can make me watch all of the channel's videos without any issues 😁❤️ What great content and great people you are, Intigriti ❤️ Love here from Egypt 😁❤️
Thank you so much. We are glad the videos are easy to understand ❤️ We appreciate that you are watching our videos!
That's an amazing video, man. I have been trying to solve this lab for over two weeks now. And I finally DID IT!!!!!
We are really happy to hear that our videos are helping the community ❤️. And congrats on solving it! Make sure to check out our other videos as well if you need help!
Bro thank you so much. As a beginner, I had no clue what any of this meant. I’m subbing.
Glad it could help and thanks for the sub! 🥰
Amazing, we need such playlists more and more in the future
The more people that subscribe and watch our videos, the more videos we can make!
Thank you, Intigriti, for providing such quality content free of cost
It's our pleasure! 💜
The best channel to learn ethical hacking... very easy to understand
Thank you so much Moses 😇 We really appreciate it. Share the word!
You did justice to this lab. Please, what is the best solution to such an attack? Does that mean if I upload a dot PHP file from the frontend (web form) of the application, it will still go through without verifying the file extension?
Thank you! If I understand your question correctly, you want to know the best ways to prevent a file upload attack? There are a few common ones:
- Blacklist dangerous extensions (in fact, it's much more secure to whitelist safe extensions)
- Check the content-type of files being uploaded (sure, it has a .jpg extension, but is the content type PHP?)
- Scan the file (does the file signature match the extension? a .jpg file should have a signature like "ÿØÿà")
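
The three checks listed in the reply above, combined into one validator. This is an added example, not part of the original comments or Intigriti's code; the function name, allowlist and sample uploads are constructed for illustration.

```python
import os

# Allowlist: extension -> (expected Content-Type, leading file signature).
# The "ÿØÿà" quoted in the reply is the bytes FF D8 FF E0 shown as Latin-1;
# only FF D8 FF is compared because the fourth byte differs between
# JFIF (E0) and Exif (E1) JPEG files.
ALLOWED = {
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".jpeg": ("image/jpeg", b"\xff\xd8\xff"),
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
}


def validate_upload(filename, content_type, data):
    """Return (accepted, reason) for one uploaded file."""
    # Discard any client-supplied directory part, keep the final extension.
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if "\x00" in name or ext not in ALLOWED:
        return False, "extension not on allowlist"
    expected_type, signature = ALLOWED[ext]
    # The Content-Type header is chosen by the client, so it is only a
    # consistency check here and is never sufficient on its own.
    if content_type.split(";")[0].strip().lower() != expected_type:
        return False, "content-type does not match extension"
    if not data.startswith(signature):
        return False, "file signature does not match extension"
    return True, "ok"


# Constructed sample uploads (not taken from the lab or the video).
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16
PHP = b"<?php echo 'constructed sample'; ?>"
SAMPLES = [
    ("avatar.JPG", "image/jpeg", JPEG),         # genuine image
    ("shell.php", "image/jpeg", PHP),           # header claims to be an image
    ("photo.php.jpg", "image/jpeg", PHP),       # image name, PHP content
    ("avatar.jpg", "application/x-php", JPEG),  # inconsistent header
]


def run_samples():
    """Validate every constructed sample and return the results in order."""
    return [validate_upload(*sample) for sample in SAMPLES]


if __name__ == "__main__":
    for sample, result in zip(SAMPLES, run_samples()):
        print(sample[0], sample[1], "->", result)
```
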
Honestly, this is interesting... Keep pushing... Regards, Steiner254.
Thanks Alvin 💪 We will keep pushing for sure!
Hey bro. Really, you are speaking very slowly and softly. I
Thank you so much 😀 We want to be accessible to every person, not just native speakers. So, we are trying our best!
Crystal Clear Explanation Thank You
Glad you liked it 😇
Well explained, brother... thank you!!!
Glad it helped
Hello, in this, is the content of the file saved in the db, or is the file saved in the filesystem?
It would be on the filesystem!
Thanks, may I suggest the next vid be on file upload leading to XSS?
Great suggestion! We will look into that one 😇
Does this lab restrict the code that can be executed? Can only the get_file_content be used?
Yeah, the labs always have a clear goal for you in mind! If you read the lab's description, it becomes clear what you need to achieve!
I did everything correctly, sequentially, but in my Show File - Response - Content Length: 0 ...
Hey, did you manage to solve it? If not, it might be worth double-checking the steps in the official PortSwigger solution.
Wow, that's cool... amazing video
🙏🥰
Love from Kerala ❤
💜
Bypassing security techniques for this ..
Can you elaborate further?
Thank U Inti!
You are welcome 😇
PS: It's called Intigriti 🤪
I can't stop going through the labs, it's very addictive)))
Thanks!
There are far worse things to be addicted to 😉
@intigriti this task can't be accessed for me..., it says error on the access lab
Love Intigriti from India
Love back from Belgium!
Great ❤️❤️❤️
Thanks 😍😍😍
But wait, where did this Carlos come from? Like, I don't get that part. Why only Carlos, why not John, Mike, Eddy?
Good point 😅
1st
Wooowzers 💪
Didn't explain the most important part: 'why the code gets executed' and 'why is content-type not able to mitigate this'. One word: Disappointed.
More details can be found in our Hackademy which is directly linked below in the description! 😇
@intigriti Thanks!