We started this chapter with the basics of file upload vulnerabilities. We then discussed various PHP functions that can cause server-side code execution, and proceeded to multi-functional web shells and how to use Netcat to receive a reverse shell.
Then, we discussed several techniques related to DoS through image upload forms that carry out image parsing on the uploaded images using files such as GIF, JPG, and PNG. We then proceeded with various protection mechanisms used by developers to prevent file upload attacks, which at times can be circumvented using the mentioned techniques. These are all the topics for this chapter. Apart from the bypasses I mentioned, there are some other bypasses that include the use of double extensions, in which we mix a whitelisted extension with a blacklisted one. For example, if .php is not allowed, then we can sometimes bypass this check by using .jpg.php.
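The double-extension case above, as an added example (not code from the book): a flawed check that accepts any name containing a whitelisted extension, next to a check on the final extension combined with a server-generated stored name. The allowlist, function names and sample filenames are assumptions constructed for illustration.

```python
import os
import secrets

# Assumed allowlist for an image upload form (not taken from the chapter).
ALLOWED = {"jpg", "jpeg", "png", "gif"}


def naive_check(filename: str) -> bool:
    """Flawed: passes when a whitelisted extension appears anywhere in the name."""
    lowered = filename.lower()
    return any("." + ext in lowered for ext in ALLOWED)


def final_extension(filename: str) -> str:
    """Return the last dot-separated segment, or "" if there is no usable one."""
    # Drop any client-supplied directory part (both separator styles).
    name = os.path.basename(filename.replace("\\", "/")).strip().lower()
    base, dot, ext = name.rpartition(".")
    # Names such as "noext", ".htaccess" or "photo.jpg." yield no valid extension.
    return ext if dot and base else ""


def strict_check(filename: str) -> bool:
    """Only the final extension decides; it must be on the allowlist."""
    return final_extension(filename) in ALLOWED


def stored_name(filename: str) -> str:
    """Name used on disk: random base plus the validated final extension.

    The client-supplied base name is discarded, so extra segments such as
    the ".php" in "shell.php.jpg" never reach the filesystem.
    """
    ext = final_extension(filename)
    if ext not in ALLOWED:
        raise ValueError("rejected upload name: %r" % filename)
    return secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    # Constructed sample names, not from a real application.
    for sample in ["photo.jpg", "shell.jpg.php", "SHELL.JPG.PHP", "shell.php.jpg"]:
        print(f"{sample:16} naive={naive_check(sample)!s:5} strict={strict_check(sample)}")
```

Extension checks only cover the file name; they do not validate file content, so they complement rather than replace the other protections discussed in this chapter.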
A more complex technique exists for encoding PHP code inside a PNG file through...