Bypassing Security Filters
To get the flag, try to bypass the command injection filter through HTTP Verb Tampering, while using the following filename: file; cp /flag.txt ./
Step 1 - Access the application:

Step 2 - Try to add a file in the input field:
If we try to insert a file named test; we get blocked by the application

Step 3 - Change to POST method:
The application uses a GET request to insert the file; change it to POST:

And the file is successfully uploaded:

Step 4 - Get the flag:
Now that we can bypass the command injection filter, let's insert the filename file; cp /flag.txt ./

Click on flag.txt

And we are done!
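The root cause of the bypass, as an added illustration that is not code from the lab or this writeup: a hypothetical Python request handler whose injection filter only runs on the GET query string, next to a hardened version that validates the parameter whichever verb delivered it and never hands user input to a shell. Function and parameter names are assumptions.

```python
import re
from typing import Dict, List, Optional

# Allow-list for file names: shell metacharacters such as ';' cannot pass it.
FILENAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")

# Constructed input mirroring the lab's filename field (not captured from the app).
PAYLOAD = "file; cp /flag.txt ./"


def vulnerable_handler(method: str, query: Dict[str, str], body: Dict[str, str]) -> Optional[str]:
    """Flawed handler: the injection filter runs only on the GET query string.
    Returns the shell command line it would execute, or None when blocked."""
    if method == "GET":
        filename = query.get("filename", "")
        if not FILENAME_RE.match(filename):
            return None  # blocked by the filter, as seen in Step 2
    else:
        # Any other verb reads the same parameter from the body, unfiltered.
        filename = body.get("filename", "")
    # Building one shell string lets ';' end 'touch' and start a second command.
    return f"touch {filename}"


def hardened_handler(method: str, query: Dict[str, str], body: Dict[str, str]) -> Optional[List[str]]:
    """Fixed handler: validate the parameter from every source before looking at
    the verb, refuse verbs the endpoint does not serve, and return an argv list
    so the file name is a single argument and no shell ever parses it."""
    filename = {**query, **body}.get("filename", "")
    if not FILENAME_RE.match(filename):
        return None  # same allow-list whether the value came via GET or POST
    if method != "GET":
        return None  # the endpoint only serves GET; other verbs are not a second path
    return ["touch", filename]  # pass to subprocess.run(argv) without shell=True
```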