File upload - Double extensions

20 Points  0x0

Gallery v0.02

Author

g0uZ,  

Level  Difficulty

Validations

19975 Challengers 11%

Note  Notation

966 Votes

To reach this part of the site please login

 64 Challenges

Results Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution
pas_valide HTML - Source code 49% 91415 5 g0uZ 3
pas_valide HTTP - Open redirect 18% 33819 10 Swissky 10
pas_valide HTTP - User-agent 25% 45525 10 g0uZ 10
pas_valide Weak password 34% 63145 10 g0uZ 7
pas_valide PHP - Command injection 18% 32327 10 sambecks 10
pas_valide Backup file 17% 31754 15 g0uZ 7
pas_valide HTTP - Directory indexing 24% 44032 15 g0uZ 7
pas_valide HTTP - Headers 16% 29858 15 Arod 9
pas_valide HTTP - POST 12% 22585 15 Th1b4ud 10
pas_valide HTTP - Improper redirect 13% 23231 15 Arod 10
pas_valide HTTP - Verb tampering 15% 26519 15 g0uZ 10
pas_valide Install files 15% 26409 15 g0uZ 2
pas_valide CRLF 10% 17583 20 g0uZ 7
pas_valide File upload - Double extensions 11% 19970 20 g0uZ 9
pas_valide File upload - MIME type 9% 15616 20 g0uZ 9
pas_valide HTTP - Cookies 14% 24928 20 g0uZ 7
pas_valide Insecure Code Management 3% 4248 20 Swissky 6
pas_valide JSON Web Token (JWT) - Introduction 3% 4776 20 Kn0wledge 4
pas_valide Directory traversal 11% 20425 25 g0uZ 3
pas_valide File upload - Null byte 8% 14188 25 g0uZ 4
pas_valide JSON Web Token (JWT) - Weak secret 2% 3284 25 Jrmbt 5
pas_valide JWT - Revoked token 1% 693 25 ArnC 6
pas_valide PHP - assert() 5% 8408 25 Birdy42 9
pas_valide PHP - Filters 7% 12366 25 g0uZ 3
pas_valide PHP - register globals 6% 10255 25 g0uZ 1
pas_valide PHP - Remote Xdebug 1% 303 25 mayfly 2
pas_valide File upload - ZIP 3% 5073 30 ghozt 3
pas_valide Command injection - Filter bypass 3% 3804 30 sambecks 6
pas_valide Java - Server-side Template Injection 4% 5912 30 righettod 4
pas_valide JSON Web Token (JWT) - Public key 1% 1381 30 Jrmbt 4
pas_valide Local File Inclusion 9% 15689 30 g0uZ 4
pas_valide Local File Inclusion - Double encoding 5% 7617 30 zM_ 3
pas_valide PHP - Loose Comparison 3% 3987 30 ghozt 4
pas_valide PHP - preg_replace() 4% 5788 30 sambecks 4
pas_valide PHP - type juggling 3% 5627 30 vic 4
pas_valide Remote File Inclusion 4% 6827 30 g0uZ 8
pas_valide SQL injection - Authentication 13% 23410 30 g0uZ 11
pas_valide SQL injection - Authentication - GBK 3% 5132 30 dvor4x 3
pas_valide SQL injection - String 6% 10832 30 g0uZ 8
pas_valide XSLT - Code execution 2% 2007 30 ghozt 5
pas_valide LDAP injection - Authentication 4% 6169 35 g0uZ 8
pas_valide NoSQL injection - Authentication 3% 4692 35 mastho 8
pas_valide PHP - Path Truncation 2% 3513 35 Geluchat 4
pas_valide PHP - Serialization 3% 4278 35 Arod 2
pas_valide SQL injection - Numeric 5% 8029 35 g0uZ 6
pas_valide SQL Injection - Routed 2% 2514 35 soka 5
pas_valide SQL Truncation 3% 3813 35 Geluchat 2
pas_valide XML External Entity 2% 2911 35 sambecks 2
pas_valide XPath injection - Authentication 3% 4463 35 g0uZ 6
pas_valide Java - Spring Boot 1% 1347 40 dvor4x 2
pas_valide Local File Inclusion - Wrappers 2% 1886 40 sambecks 4
pas_valide PHP - Eval 1% 1663 40 chmod 9
pas_valide PHP - Unserialize overflow 1% 186 40 mayfly 2
pas_valide SQL injection - Error 3% 4048 40 sambecks 4
pas_valide SQL injection - Insert 1% 1686 40 sambecks 3
pas_valide SQL injection - File reading 2% 3104 40 Arod 3
pas_valide XPath injection - String 2% 2521 40 g0uZ 5
pas_valide NoSQL injection - Blind 1% 1731 45 ghozt 5
pas_valide SQL injection - Time based 2% 2935 45 ycam 4
pas_valide Server Side Request Forgery 1% 698 50 sambecks 5
pas_valide SQL injection - Blind 3% 4319 50 g0uZ 5
pas_valide LDAP injection - Blind 1% 1874 55 g0uZ 1
pas_valide XPath injection - Blind 1% 1287 75 g0uZ 4
pas_valide SQL injection - Filter bypass 1% 1317 80 sambecks 5