Bricks Documentation

File upload page #3

  • File upload page with extension verification.
  • Only JPEG and PNG can be uploaded.

Possibilities

  • The verification mechanism can be bypassed easily.

Uploading PHP Shell

  • Download any PHP shell from a source you know of. b374k-shell is a good choice and is the one used here; it can be downloaded for free.
  • Rename the extension of the downloaded file to JPG or PNG.
  • Upload it using the file upload page.
  • Use any HTTP POST editing tool and change the extension to php.
  • Access it by visiting http://<your_ip>/bricks/upload-2/uploads/<file_name>.php
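
The steps above succeed because the extension of the stored file comes from the edited POST request. As an added example (not Bricks code), here is a PHP handler that ignores the client-supplied name and type and picks the extension itself; the form field name `userfile` and the storage directory are assumptions.

```php
<?php
// Added example, not part of Bricks: server-side upload check that does not
// trust the filename or Content-Type carried in the POST request.
// Assumptions: form field "userfile", storage directory below (outside web root).

const UPLOAD_DIR = '/var/www/private_uploads';   // assumed path, not served by the web server
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

function store_image_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('invalid upload');
    }

    // Detect the type from the file content (fileinfo extension),
    // never from $file['type'] or $file['name'], which the client controls.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('only JPEG and PNG are accepted');
    }
    // Magic bytes alone can be faked, so also require a parsable image header.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // Server-chosen name and extension: a ".php" sent by the client never reaches disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['userfile'])) {
    try {
        echo 'stored as ' . store_image_upload($_FILES['userfile']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . $e->getMessage();
    }
}
```

If the upload directory must stay under the web root, the web server should additionally be configured not to execute scripts from it.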