We covered another file upload vulnerability where the vulnerable code used the PHP function exif_imagetype to check the image extension. We bypassed this restriction by changing the magic number of the file so that it appears to be a GIF image, then appended a short PHP one-liner to execute system commands. This was part of the OverTheWire Natas Level 13 challenge.
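For the defensive side, here is an added example (not the challenge's source code) of an upload handler that does not rely on exif_imagetype alone, since that function reads only the first bytes of the file. The function name store_uploaded_image and the $uploadDir parameter are hypothetical, and the code assumes PHP 8 with the exif and GD extensions loaded.

```php
<?php
// Added example: hardened image upload handling, not the Natas 13 code.
// Assumptions: PHP 8+, exif and GD extensions available, and $uploadDir is a
// hypothetical directory the web server is configured not to execute scripts from.

const ALLOWED_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

function store_uploaded_image(string $tmpPath, string $uploadDir): string
{
    // 1. Signature check. Necessary but not sufficient: only the leading
    //    magic bytes are inspected, so anything may follow them.
    $type = @exif_imagetype($tmpPath);
    if ($type === false || !isset(ALLOWED_TYPES[$type])) {
        throw new RuntimeException('Unsupported or unreadable image type');
    }

    // 2. Full decode. GD has to parse the whole file as an image.
    $data = file_get_contents($tmpPath);
    $img  = ($data === false) ? false : @imagecreatefromstring($data);
    if ($img === false) {
        throw new RuntimeException('File does not decode as an image');
    }

    // 3. Server-chosen name and extension. The client-supplied filename is
    //    never used, so the stored file cannot end in .php.
    $ext  = ALLOWED_TYPES[$type];
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;

    // 4. Re-encode from the decoded pixels instead of copying the upload,
    //    so bytes appended after the image data are not written to disk.
    $ok = match ($type) {
        IMAGETYPE_GIF  => imagegif($img, $dest),
        IMAGETYPE_JPEG => imagejpeg($img, $dest, 90),
        IMAGETYPE_PNG  => imagepng($img, $dest),
    };
    if (!$ok) {
        throw new RuntimeException('Could not write re-encoded image');
    }
    return $dest;
}
```

Call it with the temporary path from $_FILES after confirming the upload with is_uploaded_file(); re-encoding an animated GIF this way keeps only its first frame.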

Next Level Password:

qPazSJBmrmU7UQJv17MHk1PGC4DxZMEP

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.
