Becoming the Hacker

by Adrian Pruteanu
January 2019
Beginner
404 pages
8h 53m
English
Packt Publishing
Content preview from Becoming the Hacker

More file upload issues

Earlier in the chapter, we had a look at how a file upload feature can help us to compromise an application and the server it sits on. We were able to upload a valid PNG file containing an embedded PHP shell, and the LFI (local file inclusion) vulnerability allowed us to execute that code.

There are other problems with allowing users to upload arbitrary files to the application. You could very well prevent users from uploading PHP, JSP, or ASP shells by simply blacklisting those extensions. PHP only executes code in files with a particular extension (or two), and only when those files are requested directly. Barring an LFI vulnerability somewhere else in the application, the file upload feature should then be fairly safe from a code execution perspective.
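As an added example (not code from the book), the two filtering approaches described above written out in Python: an extension blacklist beside an extension allowlist with a file-signature check. It shows that the valid PNG carrying PHP from the chapter passes both type checks, which is why the execution risk is decided by whether uploaded content can ever be included or executed, not by type checks alone. The function names and the constructed sample upload are assumptions for illustration.

```python
import os
import secrets

# Constructed sample: a PNG signature and chunk header followed by a PHP open
# tag, standing in for the "valid PNG with embedded PHP" the chapter describes.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
SAMPLE_UPLOAD = PNG_MAGIC + b"\x00\x00\x00\rIHDR" + b"<?php echo 'x'; ?>"

SCRIPT_EXTENSIONS = {".php", ".jsp", ".asp"}   # blacklist approach
IMAGE_EXTENSIONS = {".png", ".jpg", ".gif"}    # allowlist approach
MAGIC = {".png": PNG_MAGIC, ".jpg": b"\xff\xd8\xff", ".gif": b"GIF8"}


def blacklist_allows(filename: str) -> bool:
    """Extension blacklist: blocks only names ending in a listed extension."""
    return os.path.splitext(filename.lower())[1] not in SCRIPT_EXTENSIONS


def allowlist_allows(filename: str, data: bytes) -> bool:
    """Allowlist plus signature check: the extension must be an image type and
    the body must begin with that type's magic bytes. A PNG with PHP appended
    still satisfies this, exactly as the chapter's upload did."""
    ext = os.path.splitext(filename.lower())[1]
    return ext in IMAGE_EXTENSIONS and data.startswith(MAGIC[ext])


def contains_php_tag(data: bytes) -> bool:
    """Detection hint: a genuine image has no reason to carry a PHP open tag."""
    return b"<?php" in data or b"<?=" in data


def storage_name(filename: str, data: bytes) -> str:
    """Server-chosen name for accepted uploads: random basename, allowlisted
    extension only, so the client never controls the stored path."""
    if not allowlist_allows(filename, data) or contains_php_tag(data):
        raise ValueError("upload rejected")
    return secrets.token_hex(16) + os.path.splitext(filename.lower())[1]
```

Even when `storage_name` accepts a file, it should be written outside the web root or served from a location where the interpreter is not configured to run, since neither check proves the bytes are harmless.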

If one of the application features ...


ISBN: 9781788627962