php-extension-bypass

1 article
sort: new top best
clear filter
bug-bounty497 google318 xss300 microsoft262 facebook230 rce194 exploit166 apple155 malware144 cve131 account-takeover113 bragging-post110 privilege-escalation88 csrf86 authentication-bypass71 stored-xss66 writeup62 phishing62 browser59 reflected-xss59 dos59 supply-chain57 access-control52 reverse-engineering50 input-validation49 web-security49 react49 cloudflare48 defi48 ssrf48 smart-contract47 cross-site-scripting46 open-source46 oauth44 ethereum44 sql-injection43 lfi43 aws41 web340 node39 docker38 web-application38 race-condition37 ctf37 api-security36 burp-suite36 ai-agents35 pentest35 info-disclosure35 buffer-overflow33
0 6/10
Found RCE but got Duplicated
bug-bounty

A bug bounty hunter discovered RCE by bypassing file upload restrictions through MIME type manipulation in a GET request, which was reflected in subsequent PUT requests, ultimately allowing PHP file upload via php5/php7 extensions when direct PHP upload was blocked.

rce file-upload mime-type-bypass php-extension-bypass stored-xss same-origin-policy-bypass http-put-request web-application bug-bounty
Meet Sodha Smilehacker
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 6 hours ago · details