Bypass php upload validation

Hiya all :-)

Many of you have faced situation in which you hacked a website and have an admin access....Enumerating the admin access you have found an upload module.

Let's say it is a photo gallery module. The developer had put some validations like only jpg, bmp and gif files can only be uploaded.

You tried many ways like adding GIF89a; before the starting of php tag (<?php) but with no luck....Well as such there are many ways to overcome this.

I will describe one method to successfully upload our php shell on such websites.

Note: This method wont work 100% of the time but atleast this will solve your query almost 60% of the time... :-) Not bad though!!!!!!!

First let us quickly setup our environment for this. Things which you need to carry out this are as follow

1. Download an intercepting proxy called burp from here

2. Download and install java runtime environment.

Now extract burp and run suite.bat file, this will start your burp proxy.



Open your mozilla firefox and setup the proxy as IP:127.0.0.1 and port:8080

Visit the link to upload url of your hacked website. Browse your php file and click upload.

Now you will see that your burp icon will be blinking i.e it has intercepted the request from your computer to the server.

Open up burp, under the proxy tab you will see intercept menu. Here you will find a packet of your upload request as shown below




Right click on it and select "Send to repeater". You will see the same packet at the repeater tab.



Change the content type exactly as i have shown in the following snap and click on go.....



BOOM!!!!! You should see 200 in the response pane and your file has been successfully uploaded :-)