How to Beat File Upload Restrictions on Web Apps to Get a Shell

One of the most promising avenues of attack in a web application is the file upload. With results ranging from XSS to full-blown code execution, file uploads are an attractive target for hackers, but there are usually restrictions in place that can make it challenging to execute an attack. However, there are various techniques a hacker could use to beat file upload restrictions to get a shell.


Method 1: Bypassing Blacklists


The first method we'll explore is how to bypass blacklisting. Blacklisting is a type of protection where certain strings of data, in this case, specific extensions, are explicitly prohibited from being sent to the server. At first glance, it might seem like an optimal solution to prevent bad extensions, often executables, from being uploaded, but it is trivial to bypass.


In addition to the regular extensions, there are alternative extensions that can be used to get around blacklist filters. Here are some extensions for PHP files:


.pht, .phtml, .php3, .php4, .php5, .php6, .inc

Another popular extension for web shells is JSP, and here are some alternatives:


.jspx, .jspf, .jsw, .jsv

In some situations, simply changing the case of the extension can trick filters into accepting the file, like so:


.pHp, .Php, .phP
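
For anyone defending an upload endpoint, the check below is an added example (not code from the original article) that shows why the extensions listed above pass a case-sensitive blacklist, next to a case-normalised allowlist that rejects them. The blacklist contents, the image-only allowlist, the function names and the sample filenames are all assumptions made for illustration.

```python
import os
import uuid

# Naive blacklist as described above: exact, case-sensitive match on a short list.
NAIVE_BLACKLIST = {".php", ".jsp", ".exe"}

# Assumption: this application only needs to accept images.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}


def naive_blacklist_accepts(filename: str) -> bool:
    """Weak check: rejects only exact matches from NAIVE_BLACKLIST."""
    _, ext = os.path.splitext(filename)
    return ext not in NAIVE_BLACKLIST


def allowlist_accepts(filename: str) -> bool:
    """Stricter check: normalise case, then accept only known-good extensions."""
    _, ext = os.path.splitext(filename)
    return ext.lower() in ALLOWED_EXTENSIONS


def stored_name(filename: str) -> str:
    """Store under a server-generated name, keeping only the validated extension."""
    if not allowlist_accepts(filename):
        raise ValueError("extension not allowed")
    ext = os.path.splitext(filename)[1].lower()
    return uuid.uuid4().hex + ext


def audit(filenames):
    """Return {filename: (naive_result, allowlist_result)} for regression tests."""
    return {f: (naive_blacklist_accepts(f), allowlist_accepts(f)) for f in filenames}


# Constructed sample names using the extensions listed in this article.
SAMPLES = ["a.php", "a.pht", "a.phtml", "a.php5", "a.inc",
           "a.jspx", "a.jsw", "a.pHp", "a.Php", "photo.PNG", "photo.jpg"]

if __name__ == "__main__":
    for name, (naive, strict) in audit(SAMPLES).items():
        print(f"{name:10} naive={'accept' if naive else 'reject'} "
              f"allowlist={'accept' if strict else 'reject'}")
```

Running `audit` over these names as a regression test makes it obvious when a filter change lets one of the alternative or mixed-case extensions through again.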

Method 2: Bypassing Whitelists


Another type of prevention commonly encountered on the web is whitelisting. Whitelisting is precisely the opposite of blacklisting, ..
