
Show HN: File Upload Hacking Challenges - emeth
https://github.com/breakthenet/file-upload-exercises
======
orf
PHP's file-based layout is one of the biggest mistakes in web security I can
imagine, coupled with the lack of a built in secure file upload functions.
I've seen so many websites coded with checks like "if .jpeg in filename",
which is easily bypassed. Then once the file is up there you just have to
navigate to it and BAM, you have RCE and a shell. Ridiculous.

------
gravypod
I remember messing around with hack this site a long time ago. This looks like
it will be a valuable lesson for all of the php devs out there who don't
handle files often.

