So I’m working on a VM that looks to be exploitable via image upload.
It’s running apache and php, and has a custom made “upload image” form that leaves the images in a gallery. Should be easy enough, even for someone as inexperienced as me.
Well, today I learned not to use _halt_compiler() in an image based reverse shell attempt when I accidentally crashed PHP. Once the image was uploaded it instantly crashed all pages that load that image. DOH. As an upshot, I suppose this proves the PHP code is working though. Back to it.
If you’d like to try an attack like this, there’s currently on on Hack The Box I believe.