# Client-side validation
- If we try to throw `shell.php` into the upload field we get the below error without a GET request ![[images/Pasted image 20251224180433.png]]
- Client-side validation confirmed, which isn't surprising given the source code for the page
- Try to disable client-side validation and see what happens ![[images/Pasted image 20251224180609.png]]
- Now we are getting a different message, which is not associated with the client-side `checkfile` function ![[images/Pasted image 20251224180815.png]] ![[images/Pasted image 20251224181335.png]]
- This indicates back-end validation
# Try double extension
- Try with `shell.jpg.php` ![[images/Pasted image 20251224181136.png]]
- We are getting the same message as above ![[images/Pasted image 20251224181359.png]]
- Try sending to `intruder` and fuzzing `.php` with the php extension wordlist ![[images/Pasted image 20251224181542.png]]
- No hits
- Try again with `content-type` header set to `image/jpg` and magic byte `GIF8` ![[images/Pasted image 20251224181725.png]]
- Still no hits
# Try reverse double extension
- Try with `shell.php.jpg` ![[images/Pasted image 20251224181922.png]]
- That seemed to work? ![[images/Pasted image 20251224182240.png]] ![[images/Pasted image 20251224182247.png]]
# Try to reach webshell
- Visit below URL
```url
http://94.237.123.185:55643/contact/upload.php?shell.php.jpg
```
![[images/Pasted image 20251224184049.png]]
- Try sending to `intruder` fuzzing on `.php` ![[images/Pasted image 20251224184143.png]]
- All options are throwing an "Only images allowed" error message
# Reset
- Try to upload `shell.php` ![[images/Pasted image 20251224184735.png]]
- Send to `intruder` and fuzz with php extensions wordlist
- Try with modified content-type header ![[images/Pasted image 20251224184831.png]]
- No hits
- Try with modified content-type header and magic byte ![[images/Pasted image 20251224184941.png]]
- No hits
# shell.jpg
- Try to upload `shell.gif` with magic byte ![[images/Pasted image 20251224193249.png]]
- Successful upload ![[images/Pasted image 20251224193324.png]]
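
The attempts above exercise three back-end checks: file extension, `content-type` header and magic bytes. As an added example (not code from the target application), here is a server-side validator sketch showing how each of those file names would be handled when every name segment and the full file signature are checked; `validate_upload`, the extension sets and the sample inputs are assumptions constructed for illustration.

```python
import os
import secrets

# Assumed policy for this sketch: images only. Both sets are illustrative.
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}
BLOCKED_EXT = {".php", ".phtml", ".phar", ".pht", ".php5"}
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),  # full header, not just the "GIF8" prefix
}


def validate_upload(filename, content_type, data):
    """Return (accepted, stored_name_or_reason) for one uploaded file."""
    name = os.path.basename(filename.replace("\\", "/")).lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "no extension"
    exts = ["." + p for p in parts[1:]]
    # Inspect every dot-separated segment, so shell.php.jpg fails here too.
    if any(e in BLOCKED_EXT for e in exts):
        return False, "blocked extension in name"
    final = exts[-1]
    if final not in ALLOWED_EXT:
        return False, "extension not allowed"
    if not content_type.lower().startswith("image/"):
        return False, "content type not allowed"
    if not data.startswith(SIGNATURES[final]):
        return False, "signature mismatch"
    # Server-chosen name: no client-supplied segment reaches the filesystem.
    return True, secrets.token_hex(16) + final


# Constructed samples mirroring the file names tried in these notes.
SAMPLES = [
    ("shell.php", "application/x-php", b"placeholder"),
    ("shell.jpg.php", "image/jpg", b"GIF8 placeholder"),
    ("shell.php.jpg", "image/jpg", b"GIF8 placeholder"),
    ("shell.gif", "image/gif", b"GIF8 placeholder"),
    ("photo.gif", "image/gif", b"GIF89a" + bytes(16)),
]

if __name__ == "__main__":
    for fname, ctype, body in SAMPLES:
        print(fname, validate_upload(fname, ctype, body))
```

A matching signature does not prove the rest of the file is an image, so the upload directory should also be configured so that nothing in it is executed by the web server.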