BankSploit · Register

BankSploit Vuln Mode

Lab: ON Hints: shownAll→

Create your account

Already have an account? Sign in

Difficulty for this pageSet level:

⚠ Lab Mode — vulnerabilities on this page

L5 · level 0 Mass assignment — Add role=admin or daily_limit=9999999 to the profile-update body.
G7 · level 0 File upload (webshell) — Upload shell.php as a KYC document, then browse to it for RCE.

🔎 Vulnerable vs. Secure (L3) codeView code for

🔎

Font

Live level: level 0

Set level:

☠ Vulnerable (current level) · /var/www/html/modules/dashboard/profile_vuln.php

87        $userCols = ['name', 'email', 'phone', 'address', 'aadhaar_masked', 'pan', 'role', 'is_locked'];

🛡 Secure (L3) · /var/www/html/modules/dashboard/profile_secure.php

45        $allowed = ['name', 'email', 'phone', 'address'];

Live level: level 0

Set level:

☠ Vulnerable (current level) · /var/www/html/modules/loans/loans_vuln.php

161        $dest = $webDir . '/' . $name;
162        @move_uploaded_file($tmp, $dest);
163        $note = $level === 0 ? ' (no checks — .php webshell accepted)' : '';
164        return ['ok' => true, 'message' => 'Uploaded ' . $name . $note, 'path' => 'uploads/' . $name];

🛡 Secure (L3) · /var/www/html/modules/loans/loans_secure.php

96        $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
97        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'pdf'], true)) {
98            return ['ok' => false, 'message' => 'Extension not allowed.', 'path' => null];
99        }
100        $mime = function_exists('mime_content_type') ? (string) mime_content_type($tmp) : '';
101        if (!in_array($mime, ['image/jpeg', 'image/png', 'application/pdf'], true)) {
102            return ['ok' => false, 'message' => 'File content does not match an allowed type.', 'path' => null];
103        }
104        $safeDir = '/var/loan_docs';            // outside /var/www/html
105        if (!is_dir($safeDir)) {
106            @mkdir($safeDir, 0700, true);
107        }
108        $dest = $safeDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
109        @move_uploaded_file($tmp, $dest);

⚠ Intentionally vulnerable application — local security training only.