File Upload Vulnerability

Tweet

File Upload Vulnerability is an extremely interesting topic with various twists and turns such as - Content-Type Checks, Bypassing Blacklists, Double Extensions, Defeating Getimagesize() checks, Null byte injection, getting a Meterpreter on the box via File Uploads etc.

We just wanted to share one of the interesting videos on this topic - "Defeating Getimagesize() Checks in File Uploads" 

Defeating Getimagesize() Checks in File Uploads

In the above video, we go step by step and uncover how we can embed a webshell into an image and have it executed by the remote server, even if it uses APIs like Getimagesize() to verify the presence of an image.

Here are other videos in the series, available only to Pentester Academy subscribers:

File Upload Vulnerability Basics

Beating Content-Type Check in File Uploads

 

Bypassing Blacklists in File Upload

Bypassing Blacklists using PHPx

Bypassing Whitelists using Double 
Extensions in File Uploads

Defeating Getimagesize() Checks in File Uploads

Null Byte Injection in File Uploads

Exploiting File Uploads to get Meterpreter

Happy Uploading!

Tweet