Bypassing Extension

SecLists/Discovery/Web-Content/web-extensions.txt at master · danielmiessler/SecListsGitHub

ASP and PHP Extension

PHP extensions
ASP Extensions

Double Extension (weak match)

shell.jpg.php

$fileName = basename($_FILES["uploadFile"]["name"]);

if (!preg_match('^.*\.(jpg|jpeg|png|gif)', $fileName)) {
    echo "Only images are allowed";
    die();
}

Reverse Double Extension (Server misconfig)

shell.php.jpg

<FilesMatch ".+\.ph(ar|p|tml)">
    SetHandler application/x-httpd-php
</FilesMatch>

Character Injection

%20
%0a
%00 for PHP 5.x or earlier
%0d0a
/
.\
.
…
: for windows server

Content-Type

content-type.txt

Mime Type

bases on File Signature or Magic Bytes.

PreviousFile Upload Attacks NextLimited File Uploads

Last updated 2 years ago