File Upload Lab #6 | Remote Code Execution Via Polyglot Web Shell Upload | [PortSwigger] [2026]

Published: 28 June 2026
on channel: CryptHawk

PortSwigger | File Upload Vulnerabilities Lab #6 – Remote Code Execution Via Polyglot Web Shell Upload | Full Walk-through

⚠️ Disclaimer
This video is for educational and ethical security testing purposes only. I do not condone or support any illegal activities. All labs are performed in controlled environments. Viewers are responsible for their own actions. Contains AI-generated audio.

🔗 Lab Link:
https://portswigger.net/web-security/...

🛡️ Technical Details:
Vulnerability Type: Unrestricted File Upload (Polyglot Bypass)
Impact: Remote Code Execution
OWASP Top 10: A06-2025 - Insecure Design
CWE-434: Unrestricted Upload of File with Dangerous Type
Lab Level: Practitioner

⚙️ Tools & Credits:
Lab: PortSwigger Web Security Academy
Proxy: Burp Suite Community Edition (CE)
Web Browser: Firefox + FoxyProxy
OS & Environment: Arch Linux | Hyprland
Voiceover: Google AI Studio (Leda Voice Model)
Video Production: FFmpeg
Audio Post-Processing: Audacity

⏲️ Timestamps:
00:00 - Intro & Lab Overview
00:20 - Baseline Reconnaissance (Finding the Target Directory)
00:40 - Testing the Filters (Failed Payload Upload)
01:40 - The Core Vulnerability
02:04 - The Polyglot Exploit
02:25 - Injecting the Payload via ExifTool
03:30 - Bypassing the Filter & Achieving RCE
03:54 - Extracting Carlos's Secret