2. Web shell upload via Content-Type restriction bypass

We abuse the same vulnerability as in lab 1, but this time the website restricts
the Content-Type of uploaded files. We bypass this restriction by uploading a file that declares a valid
Content-Type, image/jpeg, while its extension and contents are PHP. We then access the file
directly to gain remote code execution on the server and download the contents of
/home/carlos/secret.
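
The check that fails here, next to a stricter one, as an added example (not code from the lab or from the original page). The function names, the `MAGIC` table and the sample uploads are constructed for illustration; the hardened version ignores the client-declared Content-Type and decides on the extension and the received bytes instead.

```python
import os
import secrets

# Leading bytes ("magic numbers") of the image types this hypothetical endpoint accepts.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}


def weak_check(filename, content_type, data):
    """The flawed pattern: trusts the Content-Type value sent by the client."""
    return content_type in ("image/jpeg", "image/png")


def hardened_check(filename, content_type, data):
    """Return a server-chosen storage name, or None if the upload is rejected."""
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base:
        return None  # embedded NUL in the name: reject outright
    ext = os.path.splitext(base)[1].lower()
    signatures = MAGIC.get(ext)
    if signatures is None:
        return None  # extension is not on the allowlist (.php and friends)
    if not data.startswith(signatures):
        return None  # body does not start like the image type the name claims
    # Never reuse the client's name: random name plus the vetted extension.
    return secrets.token_hex(16) + ext


# Constructed sample uploads: (filename, declared Content-Type, body)
SAMPLES = [
    ("avatar.jpg", "image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),  # JPEG header
    ("exploit.php", "image/jpeg", b"<?php /* script body */ ?>"),     # this lab's case
    ("notes.jpg", "image/jpeg", b"<?php /* script body */ ?>"),       # PHP body, .jpg name
]

if __name__ == "__main__":
    for name, ctype, body in SAMPLES:
        print(name, "weak:", weak_check(name, ctype, body),
              "hardened:", hardened_check(name, ctype, body))
```

A signature check only looks at the first bytes, so uploads should still be stored where the server will not execute them as scripts.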


Solution