Zed Attack Proxy Cookbook by Ryan Soper & Nestor N Torres & Ahmed Almoailu

Author: Ryan Soper & Nestor N Torres & Ahmed Almoailu
Language: eng
Format: epub
Publisher: Packt
Published: 2023-11-15T00:00:00+00:00


How to do it...

In this lab, you will be exposed to a vulnerable image upload feature that does not validate the files uploaded by users before putting them on the server’s storage.

You will exploit this flaw by uploading a simple PHP web shell and utilizing it to exfiltrate the contents of the /home/carlos/secret file.

Navigate to the Remote code execution via web shell upload PortSwigger Academy lab and obtain the credentials provided in the lab description. The lab is at https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload

With the browser proxied to ZAP, log into the PortSwigger Academy website to launch the lab.

Once you launch the lab, navigate to My Account and log in with the username wiener and the password peter. These credentials are also provided on the lab instruction page, where you click to launch the application.

From the My Account page, click Choose File and select any image you have to upload. In Figure 7.1, you can see that I have selected an avatar picture of myself and uploaded it. After the upload completes, click Back to My Account, and you will see that the uploaded image is now displayed.
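The lab works because the server stores whatever the client sends. For contrast, the following is a hardened version of that upload handler; it is an added example written in Python, not code from the book, from ZAP, or from the PortSwigger lab, and every function name, the 2 MiB limit and the sample inputs are constructed for illustration. It sniffs the file's leading bytes rather than trusting the name or Content-Type, requires the declared extension to agree with the sniffed format, and stores the file under a random server-chosen name with no execute permission.

```python
"""Hardened handler for an avatar-upload feature (added example; not code from
the book, ZAP, or the PortSwigger lab). The lab's form stores whatever the
client sends. This version accepts only files whose bytes are a real raster
image, ignores the client-supplied name when choosing where and how to store,
and never creates an executable or overwritable file."""
import os
import secrets
import tempfile
from dataclasses import dataclass
from typing import Optional

# Allowlisted formats and the signature bytes each must begin with.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # 2 MiB cap; assumed limit for an avatar


@dataclass
class Verdict:
    accepted: bool
    reason: str
    stored_name: str = ""  # server-chosen name, set only when accepted


def sniff_format(data: bytes) -> Optional[str]:
    """Return the format implied by the leading bytes, or None if not an image."""
    for fmt, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return fmt
    return None


def validate_upload(filename: str, data: bytes) -> Verdict:
    """Decide whether an uploaded file may be stored as an avatar."""
    # Bound the size before doing anything else with the body.
    if len(data) > MAX_BYTES:
        return Verdict(False, "too large")
    # The bytes decide the format. The client's filename is used only as a
    # consistency check: "avatar.php" carrying PNG bytes is rejected, and so
    # is "avatar.png" carrying anything that is not a PNG.
    fmt = sniff_format(data)
    if fmt is None:
        return Verdict(False, "not a supported image")
    ext = os.path.splitext(filename.lower())[1].lstrip(".")
    if ext == "jpeg":
        ext = "jpg"
    if ext != fmt:
        return Verdict(False, f"extension .{ext} does not match content ({fmt})")
    # Random server-chosen name with a single allowlisted extension: path
    # separators, double extensions and null bytes in the upload name never
    # reach the filesystem, and two users cannot collide.
    return Verdict(True, "ok", f"{secrets.token_hex(16)}.{fmt}")


def save_avatar(data: bytes, verdict: Verdict, upload_dir: str) -> str:
    """Write an accepted upload. upload_dir should sit outside the web root and
    be served only through a handler that sets an image Content-Type."""
    if not verdict.accepted:
        raise ValueError(f"refusing to store rejected upload: {verdict.reason}")
    path = os.path.join(upload_dir, verdict.stored_name)
    # O_EXCL refuses to overwrite an existing file; 0o640 grants no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


# Constructed samples standing in for what a browser would submit.
SAMPLES = {
    "real_png": ("me.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64),
    "script_ext": ("avatar.php", b"<placeholder script body>"),
    "png_bytes_script_ext": ("avatar.php", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64),
    "wrong_magic": ("avatar.png", b"this is not an image"),
    # Accepted: the bytes are PNG and the stored name is random, so the inner
    # ".php" never reaches disk.
    "double_ext": ("avatar.php.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64),
}


def demo() -> dict:
    """Run every sample through the handler; returns {name: (accepted, reason)}."""
    upload_dir = tempfile.mkdtemp(prefix="avatars-")
    results = {}
    for name, (filename, data) in SAMPLES.items():
        v = validate_upload(filename, data)
        if v.accepted:
            save_avatar(data, v, upload_dir)
        results[name] = (v.accepted, v.reason)
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:22s} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

Signature sniffing alone does not prove a file is harmless (an image can carry arbitrary trailing bytes), which is why the example also controls the stored name, the permission bits and where the file lives; re-encoding the image with an image library before storage is a further step worth adding in a real deployment.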
