File upload vulnerabilities are an extremely interesting topic with various twists and turns, such as Content-Type checks, bypassing blacklists, double extensions, defeating getimagesize() checks, null byte injection, and getting a Meterpreter on the box via file uploads.
We just wanted to share one of the interesting videos on this topic: "Defeating Getimagesize() Checks in File Uploads".
Video: Defeating Getimagesize() Checks in File Uploads
In the above video, we go step by step and uncover how a webshell can be embedded into an image and executed by the remote server, even if the server uses APIs like getimagesize() to verify the presence of an image.
Here are other videos in the series, available only to Pentester Academy subscribers:
File Upload Vulnerability Basics