Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Academy lab bug - Web shell upload via extension blacklist bypass

Michel | Last updated: Aug 16, 2023 02:35PM UTC

This is a file upload vulnerability lab, but it seems it's broken since I only get "missing parameter" error even when trying to upload a legit comment and image: https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-extension-blacklist-bypass Wonder if this is indeed broken or I'm just missing something.

Michelle, PortSwigger Agent | Last updated: Aug 17, 2023 09:41AM UTC

Hi Do you also have issues if you try to upload an image via the My Account page? Can you email some details of the steps you're taking and screenshots of what you're seeing to support@portswigger.net so we can take a closer look, please?

Michel | Last updated: Aug 17, 2023 05:34PM UTC

Hi! Actually it works fine from "my account" page. I went to the obvious place for image upload (the post itself) and neglected to look inside the profile. thanks!

shem | Last updated: Jul 13, 2024 02:33PM UTC

THIS LAB CRASHES DID EVERYTHING AS REQUESTED COUPLE OF TME BUT IT SEEMS THERE IS AN ERROR ON THE OTHER SIDE

Dominyque, PortSwigger Agent | Last updated: Jul 15, 2024 09:49AM UTC

Hi Shem, Can you please send us a screen recording/ screenshots of your attempt at the lab so we can see the exact steps you are taking? You can send this to support@portswigger.net

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.