We see a simple online archiver:

../../images/Untitled 47.png|Untitled 47.png

Do you need to archive a file, but don’t have winrar at hand? Use our service - in a matter of seconds you can archive any file absolutely free.

When I upload a file, it really just creates an archive with it. Let’s go into Caido and check the request:

../../images/Untitled 1 23.png|Untitled 1 23.png

The first thing I want to do is try to inject code somewhere here:

../../images/Untitled 2 21.png|Untitled 2 21.png

Let’s check what is inside that archive:

../../images/Untitled 3 19.png|Untitled 3 19.png

So we can’t run commands, but we have LFI.

Let’s try this:

../../images/Untitled 4 16.png|Untitled 4 16.png

../../images/Untitled 5 15.png|Untitled 5 15.png

Let’s run something like cd ..;pwd

../../images/Untitled 6 12.png|Untitled 6 12.png

../../images/Untitled 7 10.png|Untitled 7 10.png

Nothing interesting here. Let’s go deeper with cd ..;cd ..;pwd (slash doesn’t work here)

../../images/Untitled 8 9.png|Untitled 8 9.png

And we got the flag!