Unrestricted File Upload

I was testing a website, let’s call it “buggyweb.xyz”. After some time I found that there was a discussion forum whose URL was something like “discussion.buggyweb.xyz”. So I started to explore there, and after some time I found out that there was a file upload feature for uploading images.

I started testing that file upload feature, so I tried to upload a file with a .php extension, but that was rejected. After digging a little, I found out that there was whitelisting of files, so only files with an allowed extension are uploaded. Basically, it was only verifying the last extension of the file. So what I did was open Burp Suite, capture the request and change the file extension, but I failed. After some time, I found out that it was double-checking the file extension (client side and server side).

After I found that out, I first uploaded an image file, then captured the request with Burp Suite and changed its content to PHP code, then forwarded the request while uploading it. Now here comes the main part: even though I had uploaded the file, I hadn’t published it yet, so before clicking the publish button I turned on Burp Suite again and changed the extension of that file to .PHP, and BOOM! It got uploaded.

And then I reported it to that company.
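The gap described above sits between the upload step and the publish step: the extension was checked when the file arrived, but the name sent with the publish request was trusted. The sketch below is an added example, not code from the original post or from the affected site; `UploadStore`, its method names and the magic-byte table are hypothetical, and the sample bytes are constructed. It shows the trusting publish step beside a hardened one that ignores the client's file name, re-validates the content and assigns the stored name on the server.

```python
import uuid

# Constructed allow-list: leading magic bytes -> extension the server assigns.
MAGIC = {b"\x89PNG\r\n\x1a\n": ".png", b"\xff\xd8\xff": ".jpg",
         b"GIF87a": ".gif", b"GIF89a": ".gif"}

def sniff_extension(data):
    """Return the extension implied by the file's leading bytes, or None."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None

class UploadStore:
    """Hypothetical two-step flow: stage an upload, then publish it."""

    def __init__(self):
        self.staged = {}      # token -> raw bytes awaiting publish
        self.published = {}   # stored file name -> raw bytes

    def stage(self, client_name, data):
        # Check the content itself; client_name is never used for storage.
        if sniff_extension(data) is None:
            raise ValueError("content is not an allowed image type")
        token = uuid.uuid4().hex
        self.staged[token] = data
        return token

    def publish_vulnerable(self, token, client_name):
        # The gap from the write-up: the publish request's file name is
        # trusted, so a name validated at upload can be swapped afterwards.
        self.published[client_name] = self.staged.pop(token)
        return client_name

    def publish(self, token, client_name=None):
        # Hardened: ignore client_name, re-validate, server picks the name.
        data = self.staged.pop(token)
        ext = sniff_extension(data)
        if ext is None:
            raise ValueError("content is not an allowed image type")
        name = token + ext
        self.published[name] = data
        return name
```

A magic-byte check does not stop script text appended to a valid image header, which is why the stored extension has to come from the server and the upload directory should not execute scripts.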

Thank you for reading this post.

Binamra Pandey
