Burp Suite User Forum

Create new post

Academy lab bug - Web shell upload via extension blacklist bypass

Michel | Last updated: Aug 16, 2023 02:35PM UTC

This is a file upload vulnerability lab, but it seems it's broken since I only get "missing parameter" error even when trying to upload a legit comment and image: https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-extension-blacklist-bypass Wonder if this is indeed broken or I'm just missing something.

Michelle, PortSwigger Agent | Last updated: Aug 17, 2023 09:41AM UTC

Hi Do you also have issues if you try to upload an image via the My Account page? Can you email some details of the steps you're taking and screenshots of what you're seeing to support@portswigger.net so we can take a closer look, please?

Michel | Last updated: Aug 17, 2023 05:34PM UTC

Hi! Actually it works fine from "my account" page. I went to the obvious place for image upload (the post itself) and neglected to look inside the profile. thanks!

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.