File Upload 4 | Web Shell Upload via Extension Blacklist Bypass #BugBounty

Did we help you today? Show us your love here:
https://buymeacoffee.com/TORHAT
Paytm: https://tinyurl.com/TORHAT

Want us to train you for courses and certifications?
https://hmcyberacademy.com/learners.html

Want to hire us or our students for VAPT or SOC?
https://hmcyberacademy.com/companies.html

This video is for Educational purposes only.
https://portswigger.net/web-security/file-upload
https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-extension-blacklist-bypass

Steps to solve:
1. Login as wiener.
2. Upload a basic php webshell as shown in video. (cannot type code here. Sorry. Youtube restrictions.)
3. Intercept the request, change file name to .htaccess
Change Content-Type Header to text/plain
Change body of content to:
AddType application/x-httpd-php .hmca
Send it.
4. Now, Upload virus.php. Intercept request, change name to virus.hmca and send it.
5. In browser, go to location YourLabWebsite.com/files/avatars/virus.hmca

Socials:
Whatsapp: https://chat.whatsapp.com/JEWGrpUOqXxGYZas9901Ib?mode=wwc
Linkedin: https://www.linkedin.com/company/hmcyberacademy
Twitter: https://twitter.com/hmcyberacademy
Telegram Group: https://t.me/+a9nwT9mdgeJhMDA1
Instagram: https://www.instagram.com/hmcyberacademy/
Discord: https://discord.com/invite/caMKZRBjty
Rumble: https://rumble.com/c/hmcyberacademy
Email: [email protected]

#hmcyberacademy #portswigger #Cybersecurity #EthicalHacking #HackingLab #SecurityChallenge #CTF (Capture The Flag) #Infosec #WebSecurity #CyberChallenge #BugBounty #CaptureTheFlag #HackingChallenge #HackMe #SecurityTraining #password #fileupload #DebugPage #bugbounty #bugbountyhunter #bugbountytips #bugbounty #bugbountyhunter #bugbountytips