Description: Your task is to penetrate this site. You need to take advantage of the image upload and execute a JS script with an alert somehow through a file. Godspeed!
Vulnerability: File Inclusion
Try to access your data by guessing the attachment id
Oops… we lied, didn’t we? Check out where the images are stored in the editor’s choice.
A file inclusion vulnerability allows an attacker to access unauthorized or sensitive files on the web server, or to execute malicious files on it, by making use of the ‘include’ functionality. The vulnerability is mainly caused by poor input validation, where the user’s input is passed to the file include commands without proper validation. Its impact includes malicious code execution on the server and disclosure of data held in sensitive files, among others.
After that I entered “description” in the Image Description form and “title” in Image Title, and then selected my alpha.png file. After receiving the upload successful message, go to the link Chess 1 (http://ctf.infosecinstitute.com/ctf2/exercises/ex8.php?attachment_id=1) in Editor’s Choice to see where our successfully uploaded file is stored. Open the link, right-click on the image, choose “View Image”, and look at the URL (http://ctf.infosecinstitute.com/ctf2/ex8_assets/img/chess1.png), then change it to the file that you uploaded, for example: http://ctf.infosecinstitute.com/ctf2/ex8_assets/img/alpha.png. I got an error:
I tried uploading the same file, but I changed the extension from .png to .png.html. After a successful upload and execution, I passed to level 9.
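The double-extension bypass described above, contrasted with a stricter server-side upload check. This is an added example, not the challenge's own code: `weak_check` is an assumption about how the upload form validates names, and the function names and sample uploads are constructed for illustration.

```python
import os
import secrets

# Allow-listed extensions mapped to the magic bytes the content must start with.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}

def weak_check(filename):
    """Assumed flawed check: accepts any name that merely contains '.png'."""
    return ".png" in filename.lower()

def strict_check(filename, data):
    """Return a safe storage name, or None if the upload is rejected."""
    base = os.path.basename(filename.replace("\\", "/"))
    stem, ext = os.path.splitext(base.lower())
    magic = ALLOWED.get(ext)
    if magic is None:               # the final extension decides how the file is served
        return None
    if "." in stem:                 # reject stacked extensions such as x.html.png
        return None
    if not data.startswith(magic):  # content must match the claimed type
        return None
    # Server-chosen name: the client never controls the stored path or extension.
    return secrets.token_hex(8) + ext

# Constructed sample uploads (not taken from the challenge).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
HTML = b"<html><script>alert(1)</script></html>"
SAMPLES = [
    ("alpha.png", PNG),
    ("alpha.png.html", HTML),
    ("alpha.png.html", PNG),
    ("alpha.html.png", PNG),
    ("alpha.png", HTML),
]

def run_samples():
    """Return (name, weak_result, strict_accepted) for every sample upload."""
    return [(n, weak_check(n), strict_check(n, d) is not None) for n, d in SAMPLES]

if __name__ == "__main__":
    for name, weak, strict in run_samples():
        print(f"{name:16} weak={weak!s:5} strict={strict}")
```

Serving the upload directory with `X-Content-Type-Options: nosniff` and a fixed image `Content-Type` adds a second layer in case a file with the wrong extension is ever stored.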
Resources and Tools:
1. File Inclusion Attacks – http://resources.infosecinstitute.com/file-inclusion-attacks/
2. Text editor (Notepad, Notepad++, VIM, etc)