← All Challenges
Challenge 25 of 66

Upload Bypass

🟡 Medium Web App +75 XP

A file upload only checks the file extension client-side. Bypass the JavaScript validation to upload a PHP web shell.

Upload Bypass // sandbox
Disable JavaScript, intercept the request with Burp, or rename .php to .php.jpg and exploit double extensions.

🏆 Challenge Complete!

+75 XP earned
Next Challenge →
← Prev Next →