Tags: web indeadv1 

## Challenge

Job posting website for security experts, pentesters and hackers. http://indead-upload-avatar.ctf2021.hackpack.club

**Solving**

At the URL we are given, http://indead-upload-avatar.ctf2021.hackpack.club, there is a file upload form.

I tried uploading several files: a PHP shell, a JPG image and a JS file. The JPG was accepted, while the PHP shell was blocked as "not a valid image". The error message leaked the function used to check the image: getimagesize(). From this we can conclude that the site's backend is written in PHP.

When a JPG or GIF is uploaded, getimagesize() determines the file type from the file header alone; it does not look at the file extension.

I went ahead and uploaded a JPG, intercepted the request in Burp, changed the filename from image.jpg to image.php and appended some PHP code that prints the PHP version. The upload response revealed the destination as very_long_directory_path/image.php.

**Test Payload**

Browsing to the upload destination, the page displays the raw image bytes, and below them my PHP code had executed: the page showed the PHP version of the website.

So I uploaded it again, this time with the PHP shell code in place of the version check.

**Flag Payload**

Voila! The upload succeeded, and on browsing to the upload directory the PHP executed and the flag was:

*"flag{y3tan0therfileuplo@dvuln}"*
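As an added example, not part of the original writeup, here is a Python model of the two server-side checks involved: the getimagesize()-style header sniff the site relied on, and a hardened version that also allowlists the extension, requires it to agree with the sniffed type, and discards the client-supplied filename. The `MAGIC` table, the function names and the sample bytes are my own constructions.

```python
import os
import secrets

# Header signatures a getimagesize()-style check would recognise (constructed subset).
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def sniff_image_type(data: bytes):
    """Return the image type implied by the leading bytes, or None."""
    for ext, sigs in MAGIC.items():
        if any(data.startswith(sig) for sig in sigs):
            return ext
    return None


def weak_check(filename: str, data: bytes) -> bool:
    # The pattern from the writeup: only the header is inspected, and the
    # submitted filename (including its extension) is stored as-is.
    return sniff_image_type(data) is not None


def hardened_check(filename: str, data: bytes):
    """Return a safe storage name, or None if the upload is rejected."""
    sniffed = sniff_image_type(data)
    if sniffed is None:
        return None
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext == "jpeg":
        ext = "jpg"
    # Extension must be on the allowlist AND match what the bytes say.
    if ext not in MAGIC or ext != sniffed:
        return None
    # Never reuse the client's name; the extension comes from the sniffed type.
    return f"{secrets.token_hex(16)}.{sniffed}"


# Constructed sample inputs: a minimal JPEG header, and the same header
# followed by PHP source, as in the writeup's image.php upload.
REAL_JPG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
POLYGLOT = b"\xff\xd8\xff\xe0" + b"<?php echo 'not an image'; ?>"
```

Even with the hardened check, store avatars outside the web root (or on a host that never executes scripts) and serve them with a fixed image Content-Type, so a file that slips through can only ever be treated as data.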