CTF#2 Level 8

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex8.php

Description: Your task is to penetrate this site. You need to take advantage of the image upload and execute a JS script with an alert somehow through a file. Godspeed!

Vulnerability: File Inclusion

Solution:

A file inclusion vulnerability allows an attacker to access unauthorized or sensitive files available on the web server, or to execute malicious files on the web server, by making use of the ‘include’ functionality. It is mainly caused by a bad input validation mechanism, in which the user’s input is passed to the file include commands without proper validation. Exploitation can lead to malicious code execution on the server or reveal data present in sensitive files, etc.

It was clear to me that I had to create a file that contains JavaScript with an alert command, then upload it to the server and execute it. So I created a file alpha.png using a text editor (you can use your favorite text editor, such as Notepad, Notepad++, Vim, TextWrangler, etc.; after that, save your file with a jpg or png extension) that contains:

 <script>alert('Ex8')</script>

After that I entered “description” in the Image Description field and “title” in the Image Title field, and then selected my alpha.png file. After receiving the upload-successful message, I went to the link Chess 1 (http://ctf.infosecinstitute.com/ctf2/exercises/ex8.php?attachment_id=1) in Editor’s Choice to find where the successfully uploaded file is stored. Open the link, right-click on the image, choose “View Image”, and look at the URL (http://ctf.infosecinstitute.com/ctf2/ex8_assets/img/chess1.png); then change the file name to the file you uploaded, for example: http://ctf.infosecinstitute.com/ctf2/ex8_assets/img/alpha.png. I got an error:

[Screenshot: img-error-execute]

I tried uploading the same file, but with the extension changed from .png to .png.html. After a successful upload and execution, I passed to level 9.
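The server-side check that would have rejected both files used above, as an added example that is not part of the original write-up or the CTF site's code. The allow-list, function names and random-name scheme are assumptions made for illustration.

```python
import os
import secrets

# Assumed allow-list: extension -> (magic bytes, Content-Type to serve with).
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    ".jpg": (b"\xff\xd8\xff", "image/jpeg"),
    ".jpeg": (b"\xff\xd8\xff", "image/jpeg"),
}


class UploadRejected(Exception):
    """Raised when an upload fails validation."""


def validate_upload(client_name: str, data: bytes) -> str:
    """Return a server-chosen storage name, or raise UploadRejected."""
    # Only the final extension counts, so "alpha.png.html" is judged as ".html".
    base = os.path.basename(client_name.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} is not an allowed image type")
    # The content must start with the signature of the claimed type.
    if not data.startswith(ALLOWED[ext][0]):
        raise UploadRejected("file content does not match its extension")
    # Store under a random name; the client's name never reaches the URL.
    return secrets.token_hex(16) + ext


def response_headers(stored_name: str) -> dict:
    """Headers for serving a stored upload: fixed type, no MIME sniffing."""
    content_type = ALLOWED[os.path.splitext(stored_name)[1]][1]
    return {"Content-Type": content_type, "X-Content-Type-Options": "nosniff"}


if __name__ == "__main__":
    payload = b"<script>alert('Ex8')</script>"      # file body from the write-up
    real_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16   # constructed sample bytes
    for name, body in [("alpha.png", payload), ("alpha.png.html", payload),
                       ("chess1.png", real_png)]:
        try:
            print(name, "->", validate_upload(name, body))
        except UploadRejected as err:
            print(name, "-> rejected:", err)
```

A signature check alone does not stop a file that begins with valid image bytes and carries markup later, which is why the stored file is also served with a fixed image Content-Type and `nosniff`.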


Resources and Tools:
1. File Inclusion Attacks – http://resources.infosecinstitute.com/file-inclusion-attacks/
2. Text editor (Notepad, Notepad++, VIM, etc)
