HTTP 30

This challenge covers how to send specific HTTP requests.

PRO Tier | Hard | < 1 Hr. | 2333 | HTTP Badge

In this challenge, you are required to send an HTTP multipart request to /pentesterlab with a file parameter named filename. The filename must include a directory traversal (../), which allows you to upload a file outside the intended storage directory of the application. This technique is especially useful for testing applications with multiple layers of reverse proxies, as it can reveal potential vulnerabilities in how files are handled and stored.

To tackle this challenge, it is recommended to start with the curl command-line tool to construct the request. You can then write a script in your favorite programming language to automate the process, enabling you to create a reusable collection of scripts for future use. The steps involve creating a dummy file, using curl to upload the file with the directory traversal in the filename, and analyzing the request to understand how the multipart data is structured.
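To make the multipart structure concrete, the following added example (not part of the challenge or PentesterLab's code) builds the request body as it appears on the wire, parses out the client-supplied filename, and shows the server-side path check that rejects a `../` name. The field name `filename` follows the challenge text; the file name `../dummy.txt`, the boundary, and the upload directory are constructed assumptions.

```python
import os
from email import message_from_bytes

BOUNDARY = "constructedBoundary123"  # constructed value, any unique token works


def build_multipart(field, filename, content, boundary=BOUNDARY):
    """Return the multipart/form-data body as it appears on the wire."""
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: text/plain\r\n"
        "\r\n"
    )
    return head.encode() + content + f"\r\n--{boundary}--\r\n".encode()


def parse_file_parts(body, boundary=BOUNDARY):
    """Return (field name, client-supplied filename) for each part."""
    prefix = f"Content-Type: multipart/form-data; boundary={boundary}\r\n\r\n"
    msg = message_from_bytes(prefix.encode() + body)
    return [
        (part.get_param("name", header="content-disposition"), part.get_filename())
        for part in msg.get_payload()
    ]


def safe_destination(upload_dir, client_filename):
    """Return the resolved path under upload_dir, or None if the name escapes it."""
    base = os.path.realpath(upload_dir)
    # join() discards base for absolute names; realpath() collapses "../" segments
    target = os.path.realpath(os.path.join(base, client_filename))
    if target == base or os.path.commonpath([base, target]) != base:
        return None
    return target


if __name__ == "__main__":
    body = build_multipart("filename", "../dummy.txt", b"dummy content\n")
    print(body.decode())
    for field, name in parse_file_parts(body):
        verdict = safe_destination("/srv/app/uploads", name)  # hypothetical dir
        print(field, repr(name), "->", verdict or "rejected")
```

The filename travels as an ordinary quoted parameter of the part's `Content-Disposition` header, so every proxy layer and the application must treat it as untrusted input and resolve it before writing to disk.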
