
We were able to upload images, and they were saved in the /files/avatar/ directory:

We uploaded a basic PHP webshell but received the response below:

We used the extension wordlist from our HTB Academy Bypassing Filters notes as the payload set for a Burp Intruder attack on the file extension. Through this, we identified an extension that bypasses the validation.
We sent that request to Repeater, replaced the file contents with a webshell and successfully uploaded our payload to the web server:
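The fuzzing step above, reproduced offline as an added example (this is not code from the lab or the original writeup). The candidate extension list is constructed here and is only in the spirit of a bypass wordlist; `blacklist_validator` is a hypothetical weak check of the kind such a lab might use, not the lab's real filter, and `allowlist_validator` is the hardened form a developer should use instead. `fuzz_extensions` plays the role of Intruder: it tries every candidate against a validator and returns the filenames that got through.

```python
import re
from urllib.parse import unquote

# Constructed candidate list (not the HTB Academy wordlist): alternate PHP
# extensions, case variants, double extensions and trailing-character tricks.
PHP_EXTENSION_CANDIDATES = [
    ".php", ".php3", ".php4", ".php5", ".php7", ".phps", ".phtml", ".phar",
    ".pHp", ".PhP", ".PHP", ".phtML",
    ".php.jpg", ".jpg.php", ".php%00.jpg", ".php.", ".php ",
]


def blacklist_validator(filename: str) -> bool:
    """Hypothetical weak check: reject only an exact, case-sensitive '.php'
    suffix. Everything else (other PHP handlers, mixed case, trailing
    dot/space) is accepted and may still be executed by the server."""
    return not filename.endswith(".php")


ALLOWED_IMAGE_EXTENSIONS = ("jpg", "jpeg", "png", "gif")


def allowlist_validator(filename: str) -> bool:
    """Hardened check: URL-decode once, lower-case, then require the whole
    name to be a simple base name plus exactly one allowed image extension.
    Null bytes, extra dots, trailing dots/spaces and path separators all fail
    the pattern, so no blacklist of 'bad' extensions is needed."""
    name = unquote(filename).lower()
    if "\x00" in name:
        return False
    pattern = r"[a-z0-9_-]{1,64}\.(" + "|".join(ALLOWED_IMAGE_EXTENSIONS) + r")"
    return re.fullmatch(pattern, name) is not None


def fuzz_extensions(validator, base="shell", candidates=PHP_EXTENSION_CANDIDATES):
    """Stand-in for Burp Intruder with the payload position on the extension:
    returns every candidate filename the validator would accept."""
    return [base + ext for ext in candidates if validator(base + ext)]


if __name__ == "__main__":
    print("blacklist accepts:", fuzz_extensions(blacklist_validator))
    print("allowlist accepts:", fuzz_extensions(allowlist_validator))
```

Against the weak validator almost every candidate is accepted, which is exactly the pattern Intruder surfaces when the responses for most payloads differ from the one for `.php`; against the allowlist none of them is, while an ordinary `photo.JPG` still passes. Which of these extensions actually executes depends on the server's handler mapping, so the accepted list is the set to try in Repeater, not proof of code execution. Note that this covers only the extension check; the lab may have applied other filters that the writeup does not describe.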

We successfully gained code execution on the web application, retrieved the flag, and completed the lab.
