- Insert webshell into `upload.svg` file and save as `upload.phar.svg` ![[images/Pasted image 20251224204912.png]]
- Rename to `shell.phar.jpg` as done previously
  - Still an `svg+xml` document, so it passes the content header filter ![[images/Pasted image 20251224204923.png]]
- Upload `shell.phar.jpg`
  - No errors ![[images/Pasted image 20251224205023.png]] ![[images/Pasted image 20251224205042.png]]
- View at `contact/user_feedback_submissions/20251224_shell.phar.jpg?cmd=id`
  - 404 error
- Intercept upload of `shell.phar.jpg`
- Replace `.jpg` extension with `.svg` and content header with `image/svg+xml`
- View at `/contact/user_feedback_submissions/20251224_shell.phar.svg?cmd=id`
- **TRY WITH 251214**
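
The defender's side of the steps above, as an added example that is not part of the original notes: a server-side upload check that rejects `shell.phar.jpg` and `shell.phar.svg` because it inspects every extension segment, ignores the client-supplied content header, and matches content against the final extension. The function name, extension list and allowlist are assumptions, and the sample bodies are constructed.

```python
import secrets

# Assumed list: extensions a PHP-enabled server may hand to the interpreter.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phps", "pht", "phtml", "phar"}
# Allowed final extension -> signature the file content must start with.
# SVG is left out on purpose: it is XML and can carry active content.
ALLOWED = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def validate_upload(filename, declared_type, data):
    """Return (ok, detail): detail is a rejection reason or the name to store.

    declared_type is the client's Content-Type header. It is attacker-controlled,
    so it is accepted as a parameter but never used for the decision.
    """
    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing name or extension"
    exts = parts[1:]
    # Check every segment, not only the last: `.phar.jpg` still contains `phar`.
    if any(e in EXECUTABLE_EXTS for e in exts):
        return False, "executable extension in name"
    if len(exts) != 1:
        return False, "multiple extensions"
    if exts[0] not in ALLOWED:
        return False, "type not allowed"
    if not data.startswith(ALLOWED[exts[0]]):
        return False, "content does not match extension"
    # Matching magic bytes do not prove the rest is harmless, so the stored
    # name is random and keeps only the single vetted extension.
    return True, f"{secrets.token_hex(16)}.{exts[0]}"


# Constructed sample inputs (no payload): an empty SVG body and a JPEG header.
SVG = b'<svg xmlns="http://www.w3.org/2000/svg"></svg>'
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16

if __name__ == "__main__":
    for name, ctype, body in [
        ("shell.phar.jpg", "image/jpeg", SVG),
        ("shell.phar.svg", "image/svg+xml", SVG),
        ("photo.jpg", "image/svg+xml", JPEG),
    ]:
        print(name, validate_upload(name, ctype, body))
```

Serving the upload directory with no script handler enabled closes the remaining gap if a file with embedded code ever passes these checks.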