Web - Server

Tuesday 8 August 2017, 03:05  #1
Web - Server - file upload zip
kurusanyasuke
kurusanyasuke
  • 3 posts

any help ? I’m stuck here

Tuesday 29 August 2017, 17:20  #2
Web - Server - file upload zip
0x88suN
0x88suN
  • 2 posts

Hello, I’m stuck here too. I’ve tried to perform directory-traversal attack by creating zip, that contains ../../[../](Filename). (U can read about it on exploit-db) Unfortunately, it doesn’t work. Any advice, please!

Monday 4 September 2017, 16:13  #3
Web - Server - file upload zip
0x88suN
0x88suN
  • 2 posts

Ok. You can read files, that was unzipped by the site (check it for .txt, jpeg files). File index.php is not accessible directly. Now, stop crying and recall in your mind: how can you read one file through another one?! (hint: i really don’t know how to perform this task using Windows - that’s why my chair was burned!).

Tuesday 5 September 2017, 13:13  #4
Web - Server - file upload zip
gh0st
gh0st
  • 3 posts

every file that was unzipped by server is readable, except for php extensions.

need to figure out how to run command without using php file...

of course, i’m stucked too

Tuesday 24 October 2017, 00:33  #5
Web - Server - file upload zip
Aswin
Aswin
  • 4 posts

I am stuck at this level. Can someone give me some hint? Thx

Monday 15 January 2018, 03:33  #6
Web - Server - file upload zip
dien.uet
dien.uet
  • 7 posts

you can find some bug-bounty blog that’s related zip-file attack !!
try your best buddyyyy!!!

Sunday 28 January 2018, 05:54  #7
Web - Server - file upload zip
Anonymous

the "hint" by 0x88suN about windows and his chair being burned—is the dumbest, most worthless hint I’ve ever seen. What is that even supposed to mean?

Sunday 17 June 2018, 21:48  #8
Web - Server - file upload zip
vertebarbe
vertebarbe
  • 1 posts

@0x88suN thanks for the hint man ! (no joke)

New reply New reply   New topic New topic