Cyber Security: File Upload Cheet Sheet

·

1 min read

File Upload Bypass Methods

NULL Byte Bypass

webshell.php%00.jpg

By inserting a NULL Byte in the middle, as in webshell.php%00.jpg, the processed filename becomes "webshell.php." The NULL Byte signifies the end of a string.

HTML Encoding

In cases where other methods don't work well, you can use HTML Encoding, such as webshell.ph%70, as a simple solution.

Hidden Extensions in PHP

This content is specific to PHP7 and does not apply to PHP5.

In PHP7, there are several additional extensions recognized besides ".php":

.php  .php3  .php4  .php5  .php7  .pht  .phtml  .htm  .html

Hidden Extensions in JSP

.war

Adding a Dot After the Extension

Uploaded files typically ignore symbols like "." after the extension. However, the code that checks during upload can recognize extensions only when this symbol is used.

.php.. .php...

Bypass by Modifying Content-type

When processing files, HTTP uses different Content-types based on the file type. For example:

  • jpg uses image/jpg

  • png uses image/png

  • txt uses text/plain

  • php uses text/html

If the server filters using Content-type (blocking text/html), it's possible to bypass by using a proxy tool to modify the Content-type.

Content-Disposition: form-data; name="file"; filename="webshell.php"
Content-Type: image/jpeg