Bypassing file upload filter using .htaccess file(CTF)
1 min read
Summary
This is a write-up of how Rahul Bogar, a novice in cybersecurity, utilized the .htaccess file to bypass file upload filters in a Capture The Flag (CTF) challenge hosted by Metactf.
The challenge involved a file upload vulnerability, where the participant was able to upload files to the server, but when attempting to upload a PHP file, it was blocked by the server.
Using Burp Suite to intercept and analyze the server response, Bogar discovered that the backend server was running Apache, which utilizes the .htaccess file for configuration.
He then created a .htaccess file that added a new MIME type, “application/x-httpd-php,” to the server, allowing him to execute PHP code through files with the “evil” extension.
After uploading a PHP backdoor with the “.evil” extension, Bogar was able to execute commands on the server through the backdoor.php file, ultimately obtaining the flag for the challenge.