secureArchive

Medium | Web Security

Overview

Welcome to the Relic Archive—my very own digital repository where only the most carefully curated text relics are allowed. Developers submit their plain‑text relics (files ending in `.txt`), and the system immediately locks them down by executing a blanket permission change.

Lab Details

Prerequisites & Requirements

  • Web Exploitation Basics: Understanding how file uploads work in PHP and common pitfalls in handling user‑supplied filenames
  • Linux Filesystem & Permissions: Familiarity with Linux file permissions, especially how the chmod command and wildcards work
  • Command Injection Concepts: Knowledge of how shell commands can be manipulated via carefully crafted input

What will you learn?

  • Wildcard Abuse in Shell Commands: Techniques for manipulating command‑line utilities by exploiting wildcard behavior

Tools

  • Web Browser & Developer Tools or similar: To inspect the web application and analyze HTTP requests/responses

Job Positions

Penetration Tester

Tags

Command Injection, PHP, Input Validation, Source Code Review, Unrestricted File Upload