TempImage 1 & 2 | Hacker 101 CTF
FLAG 1 Intercept /doUpload.php request with proxy and change filename (in POST request) with directory traversal. Original Request filename.png Edited Request ../filename.png FLAG 2 Download valid png image with web shell. Webshell wasn’t working so I modified. Original Request Edited Request Confirm RCE /phppng.png?0=ls Capture the flag /phppng.png?0=grep+-R+FLAG FLAG1 trigged because of directory traversal attack. […]