Preamble
This challenge is quite good and is a difficult file upload challenge, because it requires knowledge of .htaccess.
The challenge gives 2 hints, as follows:
Read the file /upload/oPp7SGzQPISX/flag.php; reading this file should give the flag.
The second hint is that the file you upload will be placed in /upload/oPp7SGzQPISX/
I tried uploading a PHP file but it didn't work. After reading about htaccess and coming back to do it, I got the flag.
What is Htaccess?
For reference, see: htaccess
.htaccess is a file used to configure the Apache web server. The server reads it as part of its configuration, and it lets us flexibly redirect requests, enable features, or protect certain parts of the website. In the name .htaccess, htaccess is the extension and the file has no base name (noname), so when you put this file on the host it is not always displayed.
Upload the .htaccess file
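Upload a file and use the Burp Suite Proxy to intercept the upload request.
Modify the intercepted request so that the file being uploaded is .htaccess.
For its content, you can refer to the php_flag engine off directive, which turns off the PHP engine so that PHP files in that directory are returned as text instead of being executed.
After successfully uploading the .htaccess file, you can now go to the /flag.php file.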
And here is my result
I already submitted the flag.
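Seen from the server side, the upload worked because .htaccess has no base name, so a check that only blocks script extensions finds nothing to block. The following is an added example, not code from the challenge: the blocklist, the allowlist and the function names are assumptions, and the filenames are constructed samples. It compares that weak check with an allowlist that also renames the stored file.

```python
import os
import secrets

# Assumed weak filter: block only known PHP script extensions.
BLOCKED_EXT = {".php", ".phtml", ".phar"}
# Assumed requirement: the site only needs to accept images.
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}


def naive_accepts(client_name: str) -> bool:
    """Weak check: reject only names whose extension is on the blocklist."""
    # splitext('.htaccess') returns ('.htaccess', ''), so the extension is empty.
    ext = os.path.splitext(client_name)[1].lower()
    return ext not in BLOCKED_EXT


def safe_stored_name(client_name: str) -> str:
    """Hardened check: allowlist the extension and never reuse the client's name."""
    # Drop any directory part the client sent, for both separator styles.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    if not base or base.startswith("."):
        raise ValueError("dotfiles such as .htaccess are not accepted")
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_EXT:
        raise ValueError(f"extension {ext!r} is not on the allowlist")
    # The stored name is generated server-side, so it can never be '.htaccess'.
    return secrets.token_hex(16) + ext


def audit(names):
    """Return {name: (naive_result, hardened_result)} for a list of upload names."""
    report = {}
    for name in names:
        try:
            hardened = safe_stored_name(name)
        except ValueError as exc:
            hardened = f"rejected: {exc}"
        report[name] = (naive_accepts(name), hardened)
    return report


if __name__ == "__main__":
    # Constructed sample filenames, as they would arrive in the multipart request.
    samples = ["photo.png", "test.php", ".htaccess"]
    for name, (naive, hardened) in audit(samples).items():
        print(f"{name!r}: naive accepts={naive}, hardened -> {hardened}")
```

Independently of this check, setting AllowOverride None for the upload directory in the main Apache configuration makes Apache ignore any .htaccess file placed there.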
Conclusion
Hopefully, through this writeup you can understand a little more about .htaccess and about file upload challenges when playing CTF.