Overview

There's trouble at the Angels & Scooters scooter club again. Davey, a kid with a lot of potential, but still a bit wet behind the ears updated their webpage. He upgraded it with a few new features like a login/register page, competition page, picture upload feature and everything looks neat. The problem is that he knows nothing about web application security. It's up to you to find out if he left in any vulnerabilities and fix them. Let's see if the Angels & Scooters website is vulnerable to Unrestricted File Upload.

Rangeforce's Unrestricted File Upload lab teaches students how to review the file upload vulnerability. This lab is intended for beginner level students and takes approximately 1 hour to complete.

The scenario of the Rangeforce Unrestricted File Upload lab is a website developer of a scooter company that has upgraded the scooter website and added advanced functions, like file upload and user login.

File upload vulnerability is a weakness in web platforms that provide the attackers with the ability to upload files and or data that can be executed to alter the web application/website.

In the Rangeforce Unrestricted File Upload lab, the student will learn to review the File Upload Vulnerability by using an existing website on this Lab to learn and test their skills.

The objective in the Rangeforce Unrestricted File Upload lab is to try to find if the site is vulnerable to unrestricted File Upload and use it to upload our own "malicious" script that we can then execute, causing defacement of the website. In the Rangeforce Unrestricted File Upload lab, the student will then learn how to protect against this vulnerability.