File upload page #3
- File upload page with extension verification.
- Only JPEG and PNG can be uploaded.
Possibilities
- The verification mechanism can be bypassed easily.
Uploading PHP Shell
- Download any PHP shell from a source you know of. b374k-shell, which can be downloaded for free, is a good choice and is used here.
- Rename the extension of the downloaded file to JPG or PNG.
- Upload it using the file upload page.
- Use any HTTP POST editing tool to change the extension to php in the request.
- Access it by visiting https://<your_ip>/bricks/upload-2/uploads/<file_name>.php
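
The steps above work because the file name in the POST request is under the client's control. The following is an added example, not Bricks' own code, of a server-side handler that ignores the submitted name and derives the stored name from the file's content. The form field name userfile, the storage path and the function names are assumptions, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example: server-side upload validation (not Bricks' own code).
// Assumed names: form field "userfile", storage directory, function names.

const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

/**
 * Decide the stored file name from the file's content, never from the
 * client-supplied name. Returns the new name, or null to reject.
 */
function safe_upload_name(string $tmpPath): ?string
{
    // Sniff the MIME type from the bytes on disk. $_FILES[...]['name'] and
    // ['type'] come from the request and can be edited in transit.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        return null;
    }
    // The file must also parse as an image of that same type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    // Random server-chosen name plus an extension taken from the allow-list.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
}

function handle_upload(array $file, string $storeDir): bool
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return false;
    }
    $name = safe_upload_name($file['tmp_name']);
    if ($name === null) {
        return false;
    }
    return move_uploaded_file($file['tmp_name'], $storeDir . '/' . $name);
}

if (isset($_FILES['userfile'])) {
    // Assumed path: a directory outside the web root, or one where the
    // web server is configured not to execute PHP.
    $ok = handle_upload($_FILES['userfile'], '/var/app/uploads');
    http_response_code($ok ? 201 : 400);
}
```

With this handler an edited extension in the request has no effect on the stored name, and a file that is not a real JPEG or PNG is rejected before it is moved.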