Okay, so we are met with a simple website for uploading PNG files.

Let’s inspect further

Nothing looks immediately odd

Using DIRB to brute-force directories:

dirb <url> <path_to_wordlist>

While that's cooking, let’s see if we can trick the server into thinking we are using a .png to get remote code execution.

It’s possible that the server could be checking for “.png” in the file name. We got a hint of that when the challenge says:

“Error: File name does not contain '.png'.”

The server could be checking for a PNG file signature, or it could just be checking that the file says png.

When I upload a txt file that is called test.png.txt we get a different error:

Error: The file is not a valid PNG image: 706e670a

So it seems as though we are making progress. Let’s try all caps…

File uploaded successfully and is a valid PNG file. We shall process it and get back to you... Hopefully 

Whoa! Okay, so as long as the file begins with PNG, you are good to go! Let’s make this a payload. I found a simple example on GitHub and I’ll just add PNG to the first line.
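For the defensive side of what these responses reveal, here is an added example (not part of the original writeup and not the challenge server's code) that puts a check matching the observed behaviour beside a stricter one. `weak_check` is an assumption inferred from the error messages above; `strict_check` and `make_header` are hypothetical names, and the sample inputs are constructed.

```python
import struct
import zlib
from pathlib import PurePosixPath

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"  # the real 8-byte PNG signature

def weak_check(filename: str, data: bytes) -> bool:
    """Assumed reconstruction of the behaviour seen above, not the server's code."""
    return ".png" in filename and data[:3] == b"PNG"

def strict_check(filename: str, data: bytes) -> bool:
    """Accept only a single .png extension and a structurally valid PNG header."""
    # The final suffix is what decides how the stored file is later handled.
    if PurePosixPath(filename).suffix.lower() != ".png" or filename.count(".") != 1:
        return False
    # 8-byte signature + IHDR chunk (4 length, 4 type, 13 data, 4 CRC) = 33 bytes.
    if len(data) < 33 or data[:8] != PNG_SIGNATURE:
        return False
    length, chunk_type = struct.unpack(">I4s", data[8:16])
    if length != 13 or chunk_type != b"IHDR":
        return False
    # The chunk CRC covers the chunk type and the chunk data.
    (crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(data[12:29]) != crc:
        return False
    width, height = struct.unpack(">II", data[16:24])
    return width > 0 and height > 0

def make_header(width: int, height: int) -> bytes:
    """Constructed sample: signature plus a valid IHDR chunk (no pixel data)."""
    body = b"IHDR" + struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIGNATURE + struct.pack(">I", 13) + body + struct.pack(">I", zlib.crc32(body))

if __name__ == "__main__":
    samples = {  # constructed inputs mirroring the uploads described above
        "test.png.txt / lowercase": ("test.png.txt", b"png\n"),
        "test.png.txt / uppercase": ("test.png.txt", b"PNG\n"),
        "real.png": ("real.png", make_header(1, 1)),
    }
    for label, (name, data) in samples.items():
        print(label, data[:4].hex(), weak_check(name, data), strict_check(name, data))
```

The hex in the error message, 706e670a, is just the first four bytes of the text file ("png" plus a newline). A header check like this is a floor, not a full decode; storing uploads where they are never executed matters regardless.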