CTFtime.org / boot2root 2020 / Upload / Writeup

![](https://i.imgur.com/nEQGpLG.png)
# Upload(web)

url : http://198.211.100.125:8080/upload.php

After every hit-end trial method of uploading php code with different extensions. file Upload successfully with different php extensions (`php2, .php3, .php4, .php5, .php6, .php7, .phps, .pht, .phtml, .pgif, .shtml, .htaccess, .phar, .inc`) but code not work.

may be it is due to the **.htaccess protection**.

and this **upload.php** file always **overwrite** the existing file during uploading in directory.

so i decided to change the content **under .htaccess**.

than i make a **.htaccess** file with configuration.

```AddType application/x-httpd-php .png```

The above configuration would instruct the Apache HTTP Server to execute PNG images as though they were PHP scripts

**.htaccess** uploading success(hurray .htaccess file overwrited with our conf)![](https://i.imgur.com/uMZ2t4N.png)
![](https://i.imgur.com/d7Xb2qq.png)

----
lets upload the php code with .png extension and donot forgot to change content-type in burpsuite while uploading

```Content-Type: application/x-httpd-php```

![](https://i.imgur.com/O8qUA5D.png)
![](https://i.imgur.com/YCCEPmJ.png)
![](https://i.imgur.com/gXWMuCT.png)

# flag : b00t2root{remote_code_execution_vulnerability}

Original writeup (https://github.com/Red-Knights-CTF/writeups/tree/master/2020/Boot2root_ctf/Upload).

Upload

Comments

Sign in with