but when i tried added like .php5 it allowed me to upload the file but i wasn't able to execute the commands , i even tried going back a few directories to execute them but didn't work
Quick question. How did you know to map a random file extension to application/x-httpd-php? I tried mapping .php6 and .phtml to application/x-httpd-php, but I got an internal server error, but after googling for a while, I found out you can map a random extension and that's how I solved the lab.
Heyyy, I didn't solve this challenge myself but I would guess that the .php6 and .phtml are already mapped extensions, so we would need a random one.. Maybe .php69 would work 🤔
@@intigriti I guess that means it's not possible to overwrite a previously defined extension 🤔. I guess I'm mad at myself for taking ages to think of this other approach 😅
Hmm. I have a question. We uploaded a .htaccess file. which is uploaded to /avatars/.htaccess . now, basically the server conf. are stored in the root dir of the server. we uploaded the .htaccess to /avatars dir. so, if we uploads a .htaccess to a dir, then the .htaccess conf. file with work only inside the dir right? it will not work as universal! am i right?
Thats exactly what came up to my mind! I also think this trick might work IF AND ONLY IF the files are uploaded on root directory (or where the config files are exactly located). Not to mention that by doing such thing, the webapp will get messed up as you will be overwriting to the existing config files.
.htaccess files are not overwriting the overall server config. They are just an addition on a per-directory basis. So, in our case we are just adding an "AddType" config for the folder where we are allowed to upload files. It's not universal, no! Hope this clears things up a bit :)
Thanks for you video.. am working in real word website. I had the ability to upload! But didn't know the directory of the uploaded file. Is there anyway to know what is the directory of the uploaded file?
Thank you! Can you view your uploaded file? Can you download it? Or maybe copy/share a link to it? The path (and filename) might reveal itself when you explore the functionality like this. You could also try brute-forcing directories/files to see if you can locate it. Bare in mind you need to stick within the legal/ethical requirements of any bug bounty program, e.g. if you are brute-forcing, stick within the agreed limits.
but when i tried added like .php5 it allowed me to upload the file but i wasn't able to execute the commands , i even tried going back a few directories to execute them but didn't work
Excellent video with a very clear explanation. Thank you very much for sharing this!
Glad it was helpful! 💜
Quick question. How did you know to map a random file extension to application/x-httpd-php? I tried mapping .php6 and .phtml to application/x-httpd-php, but I got an internal server error, but after googling for a while, I found out you can map a random extension and that's how I solved the lab.
Heyyy, I didn't solve this challenge myself but I would guess that the .php6 and .phtml are already mapped extensions, so we would need a random one.. Maybe .php69 would work 🤔
@@intigriti I guess that means it's not possible to overwrite a previously defined extension 🤔. I guess I'm mad at myself for taking ages to think of this other approach 😅
你好厉害呀,支持你
谢谢 💜
Hmm. I have a question. We uploaded a .htaccess file. which is uploaded to /avatars/.htaccess . now, basically the server conf. are stored in the root dir of the server. we uploaded the .htaccess to /avatars dir. so, if we uploads a .htaccess to a dir, then the .htaccess conf. file with work only inside the dir right? it will not work as universal! am i right?
Thats exactly what came up to my mind! I also think this trick might work IF AND ONLY IF the files are uploaded on root directory (or where the config files are exactly located). Not to mention that by doing such thing, the webapp will get messed up as you will be overwriting to the existing config files.
.htaccess files are not overwriting the overall server config. They are just an addition on a per-directory basis. So, in our case we are just adding an "AddType" config for the folder where we are allowed to upload files.
It's not universal, no! Hope this clears things up a bit :)
@@intigriti Got it! , files only under /avatars/* and obey the .htacces rules. bcoz, we uploaded. its the nature of apache server!
It takes precedence over the global config only for the specific directory
Thanks for you video.. am working in real word website. I had the ability to upload! But didn't know the directory of the uploaded file. Is there anyway to know what is the directory of the uploaded file?
Thank you! Can you view your uploaded file? Can you download it? Or maybe copy/share a link to it? The path (and filename) might reveal itself when you explore the functionality like this. You could also try brute-forcing directories/files to see if you can locate it. Bare in mind you need to stick within the legal/ethical requirements of any bug bounty program, e.g. if you are brute-forcing, stick within the agreed limits.
Do you have discord?
Yessss! go.intigriti.com/discord
Why wasn't the .htaccess file allowed to be executed by reloading the my account page and the shell file was immediately uploaded
The .htaccess file is not getting executed. It's just a configuration file instruction Apache on how to handle files within a specific folder.
Thanks, Mr.
🥰
Awesome! Learnt something new here today
Glad to hear it! If you learn sth new every day, you will be an expert soon ❤️
inspiring me. But I get 303.
How to solve this issue
Did you solve the lab? Double check the official solution on portswigger.net if the steps in this video don't work for you
How do we modify web.config on IIS servers?
If you don't own the server, I don't think that's possible 😅
how to intercept and change request without burp?
You can do it in Firefox in the browser or use another tool such as Zap
👀
thanks 🙏
Welcome! 💜