神刀安全网

File Upload Hacking Challenges

File Upload Exercises

A Text-Based MMORPG Game based off Mccode Lite (GPL)

Deploy to your own Heroku instance using the project's deploy button, then complete the challenges!

File Upload Hacking Challenges

For each challenge, you have beaten it if you can successfully get PHP code you wrote to run on the server. A quick and easy test script would look like this: <?php phpinfo(); ?>

Challenges:

Challenge 1: File extension validation

Challenge 2: MIME types client-side

Challenge 3: MIME types & image validation server-side

Challenge 4: More strict file extension validation

Challenge 5: Combo attack with local file inclusion

Challenge 6: Seeing what's possible with file upload (such as PHP web shells).

Note that useful information for testing and debugging will be logged to the Papertrail app in your Heroku instance. Open Papertrail to view those streaming logs.
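For comparison with the controls that Challenges 1 to 4 name, here is a server-side upload check written from the defender's side. It is an added example, not code from the challenge repository; the directory UPLOAD_DIR, the form field name "upload", the size limit and the function name validate_upload are assumptions.

```php
<?php
// Added example, not from the challenge repository. UPLOAD_DIR and the
// form field name "upload" are assumptions made for this sketch.
const UPLOAD_DIR = '/var/app-data/uploads';  // outside the web root, never executed
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = [                         // extension => MIME type expected from content
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];

/** Validate one $_FILES entry; return the server-chosen stored name or throw. */
function validate_upload(array $entry): string
{
    if (($entry['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($entry['tmp_name']) || $entry['size'] > MAX_BYTES) {
        throw new RuntimeException('not an accepted upload');
    }
    // Extension check: allow-list (not deny-list) on the final suffix, case-folded.
    $ext = strtolower(pathinfo($entry['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // MIME check: $entry['type'] is the browser's claim and is never read;
    // the type is detected from the bytes on disk instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($entry['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Image check: the file must also parse as an image.
    if (@getimagesize($entry['tmp_name']) === false) {
        throw new RuntimeException('not a parseable image');
    }
    // Content checks cannot prove a file is inert, so the stored name is
    // chosen by the server and keeps only the allow-listed extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (isset($_FILES['upload'])) {
    try {
        $name = validate_upload($_FILES['upload']);
        move_uploaded_file($_FILES['upload']['tmp_name'], UPLOAD_DIR . '/' . $name);
        echo 'stored';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . $e->getMessage();
    }
}
```

The checks are layered because each one alone is the control a single challenge targets; the storage directory outside the web root is what keeps an accepted file from ever being executed.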
