Burp Suite User Forum

Login to post

Academy Mystery Labs - File upload challenges are missing /home/carlos/secret

Chris | Last updated: Mar 16, 2022 01:29PM UTC

I have noticed that all of the Mystery challenges for file upload vulnerabilities do not have the required '/home/carlos/secret' file. This makes it impossible to submit the solution. Steps to reproduce: 1) https://portswigger.net/web-security/all-labs 2) In Mystery Labs: Select any level, Select File Upload Vulnerabilities 3) Solve the challenge, and observe there is no file /home/carlos/secret in the container Running 'ls -alR /home' show shows the contents of /home/carlos /home/elmer and /home/peter, none of them contain a secret file. Is anyone else seeing this issue or can confirm?

Adrian | Last updated: Mar 16, 2022 03:01PM UTC

I can confirm it, happened to me too. I've also checked it with 'ls -al' command and the directories were empty.

Liam, PortSwigger Agent | Last updated: Mar 16, 2022 03:41PM UTC

Chris, Adrian, thanks for these reports. We'll investigate and update this thread ASAP.

Liam, PortSwigger Agent | Last updated: Mar 16, 2022 08:19PM UTC

We have replicated this issue. We'll keep you updated. Thanks!

Mohammad | Last updated: Oct 28, 2022 07:56AM UTC

I confirm this also

Liam, PortSwigger Agent | Last updated: Oct 28, 2022 01:09PM UTC

Thanks, Mohammad. We'll look into this again.

Liam, PortSwigger Agent | Last updated: Nov 16, 2022 02:46PM UTC

Hi Mohammad. We've checked this issue, and we think everything is working as expected. Could you provide some more detail about the problem you are facing?

You need to Log in to post a reply. Or register here, for free.