:: vBspiders Professional Network ::


nullbyte 06-07-2011 07:53 PM

Bypass php upload validation
 
Hiya all :-)

Many of you have faced a situation in which you hacked a website and have admin access... Enumerating the admin access, you have found an upload module.

Let's say it is a photo gallery module. The developer has put in some validation, e.g. only jpg, bmp and gif files can be uploaded.

You tried many ways, like adding GIF89a; before the start of the PHP tag (<?php), but with no luck... Well, there are many ways to overcome this.

I will describe one method to successfully upload our php shell on such websites.

Note: This method won't work 100% of the time, but at least this will solve your query almost 60% of the time... :-) Not bad though!

First let us quickly set up our environment for this. The things you need to carry this out are as follows:

1. Download an intercepting proxy called Burp from here

2. Download and install the Java Runtime Environment.

Now extract Burp and run the suite.bat file; this will start your Burp proxy.

http://img861.imageshack.us/img861/888/38098128.png

Open Mozilla Firefox and set up the proxy as IP: 127.0.0.1 and port: 8080

Visit the upload URL of your hacked website. Browse to your PHP file and click upload.

Now you will see that your Burp icon is blinking, i.e. it has intercepted the request from your computer to the server.

Open up Burp; under the Proxy tab you will see the Intercept menu. Here you will find the packet of your upload request, as shown below:

http://img854.imageshack.us/img854/5631/90135646.png


Right-click on it and select "Send to repeater". You will see the same packet in the Repeater tab.

http://img17.imageshack.us/img17/8281/28696654.png

Change the content type exactly as I have shown in the following snap and click on go...

http://img268.imageshack.us/img268/1858/78904898.png

BOOM!!!!! You should see 200 in the response pane and your file has been successfully uploaded :-)
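
The method in the post above works only when the upload handler decides what a file is from the Content-Type the client sends. As an added example (not part of the original post), that weak check beside a hardened one in PHP; the field name `photo`, the 2 MB limit and the path `/srv/uploads` are assumptions.

```php
<?php
// Added example, not from the original post. $file is one $_FILES entry.
// Detected MIME type => extension the server assigns.
const ALLOWED = [
    'image/jpeg'     => 'jpg',
    'image/gif'      => 'gif',
    'image/bmp'      => 'bmp',
    'image/x-ms-bmp' => 'bmp',   // older libmagic name for BMP
];

// WEAK: 'type' is copied from the request's Content-Type header,
// so the client chooses its value.
function weak_check(array $file): bool
{
    return array_key_exists($file['type'], ALLOWED);
}

// HARDENED: ignore the declared type and the client's file name.
// Returns a server-chosen file name, or null when the upload is rejected.
function checked_name(array $file): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > 2 * 1024 * 1024) {
        return null;                       // assumed 2 MB limit
    }
    // Detect the type from the bytes on disk.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        return null;
    }
    // A magic-byte prefix can fool detection, so the stored name never comes
    // from the client: random base name, extension from the allowlist.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
}

// Constructed sample: PHP source declared as image/jpeg.
if (PHP_SAPI === 'cli') {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, "<?php echo 'not an image';");
    $file = ['name' => 'photo.php', 'type' => 'image/jpeg', 'tmp_name' => $tmp,
             'error' => UPLOAD_ERR_OK, 'size' => filesize($tmp)];
    var_dump(weak_check($file));    // decided by the declared type only
    var_dump(checked_name($file));  // decided by the detected content type
    unlink($tmp);
}

// In the handler (assumed field "photo" and path /srv/uploads):
// $name = checked_name($_FILES['photo']);
// if ($name === null || !move_uploaded_file($_FILES['photo']['tmp_name'],
//         "/srv/uploads/$name")) { http_response_code(400); exit; }
```

Store accepted files outside the web root, or in a directory where the server never executes PHP, and re-encode images where possible.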

bleu moon 06-07-2011 07:58 PM

thx men you are the best :D

bleu moon 06-07-2011 07:58 PM

can you put the link of intercepting proxy

nullbyte 06-07-2011 08:03 PM

Thank you brother :-) Hope this will help someone....Link to intercepting proxy is http://portswigger.net/burp/download.html

bleu moon 06-07-2011 08:04 PM

Quote:

Originally posted by nullbyte (post 336101)
Thank you brother :-) Hope this will help someone....Link to intercepting proxy is http://portswigger.net/burp/download.html

i love you :D :love: :sarcastic:

bleu moon 06-07-2011 08:05 PM

i add the link

nullbyte 06-07-2011 08:07 PM

Ha ha :D... I tried to edit it but it said only allowed for 10 min after the post... Sorry I forgot to mention it, and thanks to you for correcting it

bleu moon 06-07-2011 08:08 PM

Quote:

Originally posted by nullbyte (post 336107)
Ha ha :D... I tried to edit it but it said only allowed for 10 min after the post... Sorry I forgot to mention it, and thanks to you for correcting it

ya i can edit and delete and and ... lool :coool:

Arthas 06-07-2011 08:11 PM

thnx man this is very goood

nullbyte 06-07-2011 08:16 PM

Quote:

Originally posted by K!NG ArTh4$ (post 336111)
thnx man this is very goood

You're welcome brother... Glad that you liked it :-)

Arthas 06-07-2011 08:17 PM

I love you brother

nullbyte 06-07-2011 08:23 PM

Quote:

Originally posted by K!NG ArTh4$ (post 336122)
I love you brother
add me at
arthas@vbspiders.com
I want to talk with you

is it msn???

Cyber Code 06-07-2011 08:32 PM

Aditya Modha Welcome to vbspiders.com :)

Keep it up :)

nullbyte 06-07-2011 08:38 PM

Quote:

Originally posted by Cyber Code (post 336133)
Aditya Modha Welcome to vbspiders.com :)

Keep it up :)

Thanks brother......Heartedly thanks for calling by name :-)

cisco_security 06-07-2011 08:38 PM

hummmm all members about vbspiders like"nullbyte

this is a good things ! so too man i want to thank you for this topic it's a good job
welcome with we at vbspiders "
see you ...

nullbyte 06-07-2011 08:43 PM

Quote:

Originally posted by BlackMask (post 336137)
hummmm all members about vbspiders like"nullbyte

this is a good things ! so too man i want to thank you for this topic it's a good job
welcome with we at vbspiders "
see you ...

Thank you sir :-) I am happy that my content is useful for the members here... I am just trying to learn and willing to share :-)

bleu moon 06-07-2011 08:46 PM

lool

cisco_security 06-07-2011 08:56 PM

Quote:

Originally posted by nullbyte (post 336138)
Thank you sir :-) I am happy that my content is useful for the members here... I am just trying to learn and willing to share :-)

great ! so let's go to learn then:he::he::he:
Good luck man

ZrIqE ViRuS 06-07-2011 09:49 PM

welcome bro

nice way but i'm asking

i think it works the same way with Tamper Data "firefox tool bar" or not ?

look at this
http://www.vbspiders.com/vb/t41011.html

(the pic uploaded as images/jpeg)

nullbyte 06-07-2011 10:18 PM

Quote:

Originally posted by ZrIqE ViRuS (post 336193)
welcome bro

nice way but i'm asking

i think it works the same way with Tamper Data "firefox tool bar" or not ?

look at this
http://www.vbspiders.com/vb/t41011.html

(the pic uploaded as images/jpeg)

Thanks... Ya, you can do the same with the Tamper Data addon... but with intercepting proxies like Burp, Paros etc. it's a much easier and more reliable way... Moreover, with the Repeater option of Burp you can do the same shot repeatedly without having to go through your browser

BaKaRoW 06-07-2011 10:55 PM

tnx bro emmmm
if u don't mind i would like to ask u one question:
this idea, is it the same idea as Tamper Data
i remember that in Tamper Data we have to change the extension of the shell from JPG>>php

BaKaRoW 06-07-2011 10:57 PM

oops i didn't read the last response from ZrIqE ViRuS

however, u don't have to answer my Q

Mr.Louai 06-08-2011 12:11 AM

Thanks Man

