I’m currently doing an online CTF and I have LFI and can read the source code of the upload function. In there I see the following line:
shell_exec('rm -rf ' . 'uploads/' . '*.p*');
So anytime I upload a .php file, it gets deleted. I tried extensions such as .Php or .PHP, but if the extension is not .php, the PHP code is not executed. It also removes any *.h* file and any .htaccess files.
Is there a way to break out of the code so the removal of *.p* files never happens, or can I execute .php files without the file extension being .php?
Update 1: I’m also forced to upload the files in a ZIP file; the web application automatically unzips it.
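For contrast with the cleanup line quoted in the question, here is the defensive counterpart: an upload handler that validates names against an allowlist before anything is written, and applies the same check to every entry of an uploaded ZIP before extraction. This is an added example written for this page; it is not code from the question or from the CTF. The extension list, the storage directory and the function names are assumptions.

```php
<?php
// Added example, not from the question or the CTF. The allowlist, the
// storage path and all function names below are assumptions.

// Only these extensions are accepted; anything else is rejected before it
// reaches disk, so no post-hoc "rm -rf uploads/*.p*" cleanup is needed.
const ALLOWED_EXTENSIONS = ['png', 'jpg', 'jpeg', 'gif', 'txt'];

/**
 * Return a safe storage name for an uploaded file, or null to reject it.
 * The stored name is random, so the client never controls what is written.
 */
function safeUploadName(string $clientName): ?string {
    // basename() strips any directory components supplied by the client.
    $base = basename($clientName);

    // Exactly one dot: a name with several extensions, or no extension,
    // is rejected rather than interpreted.
    $parts = explode('.', $base);
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }

    // Compare case-insensitively against the allowlist (strict in_array).
    $ext = strtolower($parts[1]);
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }

    // Random name plus the allowlisted extension; the client name is discarded.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/**
 * Check every entry of a ZIP before extracting anything. Returns true only
 * if each entry is a plain file whose name passes safeUploadName().
 */
function zipEntriesAllowed(string $zipPath): bool {
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return false;
    }
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $entry = $zip->getNameIndex($i);
        // Reject directories and any entry carrying a path component.
        if ($entry === false || substr($entry, -1) === '/' || $entry !== basename($entry)) {
            $zip->close();
            return false;
        }
        if (safeUploadName($entry) === null) {
            $zip->close();
            return false;
        }
    }
    $zip->close();
    return true;
}

/**
 * Store one $_FILES entry outside the web root (path is an assumption),
 * ignoring the client-supplied name entirely. Returns the stored path or null.
 */
function storeUpload(array $file, string $storageDir = '/var/app/uploads'): ?string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $name = safeUploadName($file['name']);
    if ($name === null) {
        return null;
    }
    $dest = $storageDir . '/' . $name;
    // move_uploaded_file() refuses anything that is not a real PHP upload.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    return $dest;
}
```

The point of the contrast is that the quoted `rm -rf` glob is a denylist applied after the write, so whatever it does not match is already on disk and already served; an allowlist applied to each name (and to each ZIP entry) before the write, combined with a storage directory the web server does not execute from, removes that window entirely.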