We covered another file upload vulnerability where the vulnerable code contained a PHP function exif_imagetype to check on the image extension. We bypassed this restriction by changing the magic number of the file to appear as a GIF image then appended a short PHP one liner to execute system commands.. This was part of OverTheWire Natas Level 13 challenge.

Get OSCP Certificate Notes

Next Level Password:


Video Walkthrough

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles