Business Logic Testing
File Upload
Cheatsheet
Bypassing Filters
Enumerate Allowed Extensions:
Try using php3, php4 instead of php
Truncating File-Name
Append Allowed Extension: file.php.png
GIF [MAGIC]
Check allowed file size
Check allowed extensions
Check Content-Type Header
IIS Web Servers
If .config extension is allowed
A web.config file lets you customize the way your site or a specific directory on your site behaves. For example, if you place a web.config file in your root directory, it will affect your entire site. If you place it in a /content directory, it will only affect that directory.
Upload ASP code within a web.config file.
Ensure each line of the ASP payload code is on a new line.
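From the defending side, the checks listed above (size, extension, Content-Type) and the bypasses (alternate extensions, appended extensions, truncation, magic bytes, .config uploads) come together in one server-side validator. This is an added example, not part of the original cheatsheet; the function name validate_upload, the allowed types and the size and name limits are assumptions chosen for illustration.

```python
import secrets

# Assumed policy for this example (not from the page): three image types, 2 MiB cap.
# Each allowed extension maps to (magic bytes, Content-Type the server will serve).
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    "gif": (b"GIF8", "image/gif"),
    "jpg": (b"\xff\xd8\xff", "image/jpeg"),
}
MAX_BYTES = 2 * 1024 * 1024
MAX_NAME_LEN = 100


def validate_upload(filename, client_content_type, data):
    """Return (True, stored_name, content_type) or (False, reason, None).

    client_content_type is accepted only to show that it is never consulted:
    the header is supplied by the client and proves nothing about the file.
    """
    if len(data) > MAX_BYTES:
        return False, "file too large", None
    # Reject rather than truncate: truncation can cut off the allowed suffix.
    if not filename or len(filename) > MAX_NAME_LEN:
        return False, "bad name length", None
    if any(c in filename for c in "/\\\x00") or filename[-1] in ". ":
        return False, "illegal character in name", None
    parts = filename.lower().split(".")
    # Exactly one dot: rejects file.php.png and extensionless names.
    if len(parts) != 2 or not parts[0]:
        return False, "exactly one extension required", None
    ext = parts[1]
    # Allow-list, not deny-list: php3, php4 and config fail here without being named.
    if ext not in ALLOWED:
        return False, "extension not allowed", None
    magic, content_type = ALLOWED[ext]
    if not data.startswith(magic):
        return False, "content does not match extension", None
    # Magic bytes only prove the header, so the stored name is server-generated
    # and keeps the validated extension; the client's name never reaches disk.
    return True, secrets.token_hex(16) + "." + ext, content_type
```

Store accepted files outside any directory where the server executes scripts or reads per-directory configuration such as web.config.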