ctf-writeup/2023/Bucket CTF 2023/gif
daffainfo e6c48e50f1 feat: grouped the challs 2024-01-09 16:59:32 +07:00
gif

I made a secure php web app where I can upload all my gifs. Some people on the internet told me to run it in a docker container just to protect it from my personal files, but who cares.

About the Challenge

We were given a plain website that has the functionality to upload a GIF file.

(screenshot: preview)

How to Solve?

The first thing I want to test for is an unrestricted file upload vulnerability, where we can upload a malicious file such as a PHP file.

(screenshot: first_try)

At first I tried to upload a PHP file, but the server wants us to upload a GIF file. So I tried changing the file extension and the MIME type.

(screenshot: second_try)

The server still rejects our request. Now I am trying to add the GIF magic header. (You can look up other files' magic headers here.)

(screenshot: third_try)

Success! Now access the uploaded file on the uploads endpoint. To obtain the flag, upload the code below to the server:

GIF89A; <?php system("cat /flag.txt"); ?>
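The bypass works because the server only inspects the first bytes of the file. As an added example that is not code from the write-up or the challenge, here is a Python comparison of a signature-only check (`weak_check`, my assumed model of what the challenge did) against a walk of the GIF block structure (`strict_gif_check`) that rejects both the header-only polyglot and a genuine GIF with data appended after the trailer; the sample bytes are constructed here.

```python
import struct

# Constructed samples (not from the challenge server): a minimal 1x1 GIF and the polyglot.
MINIMAL_GIF = (
    b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0)  # header + logical screen descriptor
    + b"\x00\x00\x00\xff\xff\xff"  # 2-entry global colour table
    + b"\x21\xf9\x04\x01\x00\x00\x00\x00"  # graphic control extension
    + b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x44\x01\x00"  # image + data
    + b"\x3b"  # trailer
)
POLYGLOT = b'GIF89A; <?php system("cat /flag.txt"); ?>'


def weak_check(data: bytes) -> bool:  # assumed model of the challenge's check
    return data[:6].upper() in (b"GIF87A", b"GIF89A")


def _skip_subblocks(data: bytes, pos: int) -> int:
    while True:  # [len][bytes]... sub-blocks, terminated by a zero-length block
        n = data[pos]  # IndexError on truncation is caught by the caller
        pos += 1 + n
        if n == 0:
            return pos


def strict_gif_check(data: bytes) -> bool:
    """Accept only a complete, well-formed GIF whose trailer is the final byte."""
    try:
        if data[:6] not in (b"GIF87a", b"GIF89a"):
            return False
        _w, _h, packed, _bg, _aspect = struct.unpack_from("<HHBBB", data, 6)
        pos = 13
        if packed & 0x80:  # global colour table present: 2^(N+1) entries of 3 bytes
            pos += 3 * (2 << (packed & 0x07))
        while True:
            block = data[pos]
            pos += 1
            if block == 0x3B:  # trailer must end the file: no appended payload
                return pos == len(data)
            if block == 0x21:  # extension: label byte, then sub-blocks
                pos = _skip_subblocks(data, pos + 1)
            elif block == 0x2C:  # image descriptor
                ipacked = struct.unpack_from("<HHHHB", data, pos)[4]
                pos += 9
                if ipacked & 0x80:  # local colour table
                    pos += 3 * (2 << (ipacked & 0x07))
                pos = _skip_subblocks(data, pos + 1)  # +1 skips the LZW min code size
            else:
                return False
    except (IndexError, struct.error):
        return False
```

Structural validation still leaves room for a payload inside a comment extension of an otherwise valid GIF, so the server-side fix is to re-encode uploads and serve the uploads directory with PHP execution disabled.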

(screenshot: flag)

bucket{1_h4t3_PHP}