File Upload

Notes

  • Null bytes, e.g. .php%00.jpg, where .jpg gets truncated and .php becomes the new extension

  • Try to upload a file with a double extension (ex: file.png.php or file.png.php5).

  • PHP extensions: .php, .php2, .php3, .php4, .php5, .php6, .php7, .phps, .pht, .phtml, .pgif, .shtml, .htaccess, .phar, .inc ASP extensions: .asp, .aspx, .config

  • Try to uppercase some letter(s) of the extension. Like: .pHp, .pHP5, .PhAr ...

  • Try to upload some reverse double extension (useful to exploit Apache misconfigurations where anything with extension .php, but not necessarily ending in .php will execute code): ex: file.php.png

  • Bypass Content-Type checks by setting the value of the Content-Type header to: image/png , text/plain , application/octet-stream

  • Bypass magic number check by adding at the beginning of the file the bytes of a real image (confuse the file command). (".PNG....", "GIF89a" ,)