File Upload Vulnerabilities P12 | OverTheWire Natas 13

We covered another file upload vulnerability where the vulnerable code contained a PHP function exif_imagetype to check on the image extension. We bypassed this restriction by changing the magic number of the file to appear as a GIF image then appended a short PHP one liner to execute system commands.. This was part of OverTheWire Natas Level 13 challenge.

Get OSCP Certificate Notes

Next Level Password:

qPazSJBmrmU7UQJv17MHk1PGC4DxZMEP

Video Walkthrough

CTF Writeups, OverTheWire CTF, OverTheWire Natas 13, OWASP

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

File Upload Vulnerabilities P12 | OverTheWire Natas 13

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

Security Management Concepts Explained | TryHackMe

Encryption and Secure Remote Access | Linux Hardening TryHackMe

Press ESC to close

File Upload Vulnerabilities P12 | OverTheWire Natas 13

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

Security Management Concepts Explained | TryHackMe

Encryption and Secure Remote Access | Linux Hardening TryHackMe