All is not lost and there are some other tricks out there which allows you to overcome this fix and still exploit Local File Include (LFI) vulnerabilities. For this reason, we thought it would be beneficial for the community to come up with a CTF challenge followed by a write-up on the tricks which are not entirely spread out on the Interwebs.
My friend and Securus Global co-worker Márcio challenged me to try the CTF challenge that he came up with recently. The challenge aims to present a not widely known technique used to bypass some common file upload restrictions imposed on PHP applications. Restrictions, that prevent unauthorized upload of files to the web server using web application.
Here is the link to the challenge: http://22.214.171.124
I’ll spoil the fun a little bit and tempt you to try it out: The challenge is all about cute Pandas. ☺