# Upload Restriction Bypass

- Double extensions
  - `.php.gif`
  - `.gif.php`
- Test for whitelist vs blacklist
  - Upload a random extension (Example: `file.adjwoia`). If it is accepted, the filter is a blacklist; if it is rejected, the filter is a whitelist.
## Magic bytes

Bytes at the beginning of a file that indicate which type of file it is (at the byte level), independent of the file extension.
### Use case

Add magic bytes from an image file to the beginning of another file so it passes basic file-signature checks.
### Get magic bytes from a .jpg file

```shell
head <file> | xxd
```

Outputs the first few bytes of the file (the first bytes shown should include the magic bytes).

```shell
head -c <#> <file> | xxd
```

Outputs the first `<#>` bytes of the file and displays them in a readable hex format.
### Add magic bytes

- Add the selected magic bytes to the beginning of the target file using a hex editor.
## Null byte vulnerability (%00)

Terminate the filename with a null byte (`%00` when URL-encoded) so that an extension the server appends after it is dropped when the name is later handled as a C-style string, which ends at the first null byte.
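The following is an added defender-side example, not code from the original page: a small Python model of a weak upload validator next to a hardened one, exercised against the cases listed above (double extensions, the random-extension whitelist test, a spoofed image signature, and a null byte in the filename). The sample upload bodies, the `naive_check`, `hardened_check` and `server_appends_extension` functions, and the content-hash naming scheme are all assumptions made for this illustration.

```python
import hashlib
import os

# Image signatures (magic bytes) as they appear in `head -c 8 <file> | xxd`.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
ALLOWED_EXT = frozenset(MAGIC)

# Constructed sample uploads (not real files): a signature plus a few bytes.
GIF_BODY = b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00"
JPEG_BODY = b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF\x00"
# A non-image body carrying a GIF signature, as in the "Use case" section.
FAKE_GIF = b"GIF89a" + b"<not an image>"


def has_image_signature(content: bytes) -> bool:
    """True if the content starts with any known image signature."""
    return any(content.startswith(m) for sigs in MAGIC.values() for m in sigs)


def naive_check(filename: str, content: bytes) -> bool:
    """Weak validator: accepts if an image extension appears anywhere in the
    name and the content starts with an image signature. Every technique on
    this page gets past it."""
    parts = filename.lower().split(".")[1:]
    return any(p in ALLOWED_EXT for p in parts) and has_image_signature(content)


def server_appends_extension(filename: str, suffix: str) -> str:
    """Model of a server that appends its own extension and then hands the
    name to a C-style API, where the string ends at the first null byte."""
    return (filename + suffix).split("\x00", 1)[0]


def hardened_check(filename: str, content: bytes) -> tuple[bool, str]:
    """Allowlist on the LAST extension only, signature must agree with that
    extension, no null bytes or path separators, and the stored name is chosen
    by the server (content hash + extension) so the client's name never
    reaches the filesystem. Returns (accepted, reason_or_stored_name)."""
    if "\x00" in filename:
        return False, "null byte in filename"
    if os.path.basename(filename) != filename:
        return False, "path separator in filename"
    stem, dot, ext = filename.rpartition(".")
    ext = ext.lower()
    if not dot or not stem or ext not in ALLOWED_EXT:
        return False, f"extension {ext!r} not allowlisted"
    if not any(content.startswith(m) for m in MAGIC[ext]):
        return False, f"content signature does not match .{ext}"
    stored = hashlib.sha256(content).hexdigest()[:16] + "." + ext
    return True, stored


if __name__ == "__main__":
    cases = [
        ("shell.php.gif", GIF_BODY),      # double extension, image last
        ("shell.gif.php", GIF_BODY),      # double extension, script last
        ("file.adjwoia", GIF_BODY),       # whitelist vs blacklist probe
        ("shell.php\x00.jpg", GIF_BODY),  # null byte before appended ext
        ("photo.jpg", GIF_BODY),          # extension/signature mismatch
        ("evil.gif", FAKE_GIF),           # spoofed signature, passes both
    ]
    for name, body in cases:
        print(repr(name), "naive:", naive_check(name, body),
              "hardened:", hardened_check(name, body))
    print("server sees:", repr(server_appends_extension("shell.php\x00.jpg", ".jpg")))
```

Note that `evil.gif` with a spoofed `GIF89a` prefix passes the hardened check too: a signature check is a sanity filter, not a security boundary. What keeps that upload harmless is that the stored name is server-generated with an allowlisted extension, and the upload directory is served without script execution (or the image is re-encoded before storage).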