Bug Bounty Hub
  • 🚀WELCOME
    • Bug Bounty Hub
    • BBH - Values
    • About the author
  • 🕸️PENTESTING WEB
    • Information Gathering
      • Enumerating ASN and IP blocks
      • Reverse IP Lookup
      • Scanning Open Ports/Services
      • Subdomain Enumeration
        • Active Subdomain Enumeration
        • Passive Subdomain Enumeration
        • Subdomain Permutations
        • Check Alive Subdomains
      • Subdomain Takeover
      • Fuzzing
      • JavaScript Files
      • Endpoints
      • Input Parameters
      • Mapping Attack Surface - Crawling/Spider
      • Fingerprinting
      • Potential Vulnerabilities - Nuclei
    • Client-Side Injection Attacks
    • Server-Side Vulnerabilities
      • Path Traversal/File Inclusion
      • Access Control
      • Authentication
      • Server-side Request Forgery (SSRF)
      • File upload vulnerabilities
      • OS Command Injection
      • SQL Injection
        • MySQL Injection
        • SQLi with SQLMap
    • Authentication
    • Insecure Direct Object Reference (IDOR)
    • Cross-Site Request Forgery Attacks
    • Business Logic Flaws
    • HTTP Verb Tampering
    • Bypass 401 & 403
    • Evading WAFs
    • Reporting
  • 🐣THE BASICS OF WEB
    • HTTP Methods
    • HTTP Response Codes
    • HTTP Headers
      • AWS S3 Buckets Headers
    • HTTP Cookies
    • Encoding
      • URL encoding
      • HTML encoding
      • Base 64 encoding
      • Unicode encoding
    • Web Browsers
      • Same-Origin Policy (SOP)
      • Content Security Policy (CSP)
      • Subresource Integrity Check (SIC)
    • Web Proxies
  • 📚RESOURCES
    • Books
    • Web resources
    • CTF Platforms
  • 🏔️Bug Bounty Platforms
Powered by GitBook
On this page
  • Useful File Extensions
  • Bypass File Extensions Checks

Was this helpful?

  1. PENTESTING WEB
  2. Server-Side Vulnerabilities

File upload vulnerabilities

File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size. Failing to properly enforce restrictions on these could mean that even a basic image upload function can be used to upload arbitrary and potentially dangerous files instead. This could even include server-side script files that enable remote code execution.

Useful File Extensions

  • PHP -> .php, .php2, .php3, .php4, .php5, .php6, .php7, .phps, .phps, .pht, .phtm, .phtml, .pgif, .shtml, .htaccess, .phar, .inc, .hphp, .ctp, .module

  • ASP -> .asp, .aspx, .config, .ashx, .asmx, .aspq, .axd, .cshtm, .cshtml, .rem, .soap, .vbhtm, .vbhtml, .asa, .cer, .shtml

  • Jsp -> .jsp, .jspx, .jsw, .jsv, .jspf, .wss, .do, .action

  • Flash -> .swf

  • Perl -> .pl, .cgi

Bypass File Extensions Checks

  1. Test using uppercase letters: pHp, pHP5...

  2. Add a valid extension before the wanted extension:

    • file.png.php

    • fiile.png.pHp

  3. Add special characters at the end. Bruteforce all ASCII and Unicode characters.

    • file.php%20

    • file.php%0a

    • file.php%00

    • file.php%0d%0a

  4. Try to bypass the protections by adding junk data (null bytes) between double extensions:

    • file.php#.png

    • file.php%00.png

    • file.php\x00.png

    • file.php%0a.png

    • file.php%0d%0a.png

    • file.phpJunk123png

  5. Add another layer of extensions:

    • file.png.jpg.php

    • file.php%00.png%00.jpg

PreviousServer-side Request Forgery (SSRF)NextOS Command Injection

Last updated 5 months ago

Was this helpful?

🕸️