File Upload through Null Byte Injection continued...

Just after writing the previous post, we came across a scenario where the application was expecting a pdf and back-end was php. But the application was not accepting the Null Byte injected files as described in last post.
We found that it was validating PDF magic no. and application types in headers.
So, we repeated the the exact steps of the last post and additionally we changed the signature and content type and the application uploaded it successfully.
So we renamed our file shell.php as shell.phpA.pdf and replaced A with Null, so the strings became shell.php[NULL] .pdf, which the interpreter read and created a file shell.php on the server. Only issue is that there's not code to execute since all the contents were pdf contents. But our aim was to bypass this and it was successful. This post concludes.

Comments

Popular posts from this blog

SQL Injection in search field

File Upload through Null Byte Injection