From 7b8514f1f5cc128bc4f64f926e44ddec8d364e6f Mon Sep 17 00:00:00 2001 From: vict0ni <32034171+victoni@users.noreply.github.com> Date: Thu, 14 May 2020 00:09:30 +0200 Subject: [PATCH 1/2] Update README.md Added "adding magic bytes" solution --- Upload Insecure Files/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Upload Insecure Files/README.md b/Upload Insecure Files/README.md index 6229f86..ed537da 100644 --- a/Upload Insecure Files/README.md +++ b/Upload Insecure Files/README.md @@ -65,6 +65,8 @@ Coldfusion: .cfm, .cfml, .cfc, .dbm * `Content-Type : image/gif` * `Content-Type : image/png` * `Content-Type : image/jpeg` +- [Magic Bytes](https://en.wikipedia.org/wiki/List_of_file_signatures) + Sometimes applications identify file types based on their first signature bytes. Adding/replacing them in a file might trick the application. ### Picture upload with LFI @@ -95,4 +97,4 @@ Touch command * [BookFresh Tricky File Upload Bypass to RCE, NOV 29, 2014 - AHMED ABOUL-ELA](https://secgeek.net/bookfresh-vulnerability/) * [Encoding Web Shells in PNG IDAT chunks, 04-06-2012, phil](https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/) * [La PNG qui se prenait pour du PHP, 23 février 2014](https://phil242.wordpress.com/2014/02/23/la-png-qui-se-prenait-pour-du-php/) -* [File Upload restrictions bypass - Haboob Team](https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf) \ No newline at end of file +* [File Upload restrictions bypass - Haboob Team](https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf) From e61db57ff107ff39d7500d1ff8b4f3370eaa5780 Mon Sep 17 00:00:00 2001 From: vict0ni <32034171+victoni@users.noreply.github.com> Date: Thu, 14 May 2020 00:10:12 +0200 Subject: [PATCH 2/2] Update README.md fixed indentation --- Upload Insecure Files/README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/Upload Insecure Files/README.md b/Upload Insecure Files/README.md index ed537da..1ffa55c 100644 --- a/Upload Insecure Files/README.md +++ b/Upload Insecure Files/README.md @@ -66,6 +66,7 @@ Coldfusion: .cfm, .cfml, .cfc, .dbm * `Content-Type : image/png` * `Content-Type : image/jpeg` - [Magic Bytes](https://en.wikipedia.org/wiki/List_of_file_signatures) + Sometimes applications identify file types based on their first signature bytes. Adding/replacing them in a file might trick the application. ### Picture upload with LFI
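Review bot: In the first hunk of PATCH 1/2 (`@@ -65,6 +65,8`), the new `- [Magic Bytes]` entry uses a `-` bullet while the `Content-Type` items directly above it use `*`. Use the same marker as its siblings so the list renders as one list. The description "Adding/replacing them in a file might trick the application" should also say which check it refers to, namely validation that looks only at the leading signature bytes, so a reader can tell it apart from the `Content-Type` check listed just before it.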
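Review bot: The second hunk of PATCH 1/2 (`@@ -95,4 +97,4`) removes and re-adds the Haboob Team reference line only to supply the missing newline at end of file, which the commit message ("Added "adding magic bytes" solution") does not mention. Note the end-of-file fix in the message or move it to its own commit, so the touched reference line is not mistaken for a content change.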
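Review bot: PATCH 2/2 (`@@ -66,6 +66,7`) only adjusts the entry introduced one minute earlier in PATCH 1/2, adding a single line between the `- [Magic Bytes]` bullet and its description. Squash it into 1/2 so the history carries one commit for the entry. If the added line is blank, check the rendered README: in Markdown a paragraph that follows a blank line stays part of the list item only when it is indented to the item's content column, otherwise the "Sometimes applications identify file types..." sentence detaches from the bullet.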