🎃 Spooky SSC CTF 🎃

📤 Upload Portal

File upload vulnerabilities can allow attackers to upload malicious files to the server. Can you exploit this one?

Your Mission: Upload a malicious file to trigger the vulnerability!

💡 Challenge Overview

Goal: Upload a malicious file to trigger the vulnerability.

Difficulty: Intermediate - File upload security!

Time to complete: 5-10 minutes

Key Learning: File uploads need proper validation!

📤 The Upload Portal

File upload vulnerabilities occur when websites don't properly validate uploaded files. This can allow attackers to upload malicious files!

🛠️ How to Solve This Challenge:

Create a malicious file:
- Create a text file with: <?php system($_GET['cmd']); ?>
- Save it as shell.php.txt (note the .txt extension)
Upload the file - The system will detect the malicious content
Get the flag - It will appear when the system detects your malicious file

🔍 What You're Learning:

File Upload Security - How to secure file upload functionality
File Extension Bypass - How attackers evade file type restrictions
Web Shells - Malicious files that can execute commands

📤 File Upload Portal

Upload a file to test the vulnerability. Try uploading malicious files!

Select a file to upload...

🔍 File Upload Attack Vectors:

Upload files with executable extensions (.php, .jsp, .asp)
Double extensions (.jpg.php, .txt.php)
Null byte injection (file.php%00.jpg)
Case sensitivity bypass (.PhP, .PHP)
MIME type manipulation

Challenge: Upload a malicious file to get the flag!

🏁 Submit Your Flag

🏠 Back to Main Page