put-request-exploitation

1 article
sort: new top best
clear filter
bug-bounty473 google371 microsoft318 facebook271 xss267 rce184 apple178 malware177 exploit165 cve122 account-takeover110 bragging-post102 phishing85 csrf85 privilege-escalation83 browser71 supply-chain69 stored-xss65 authentication-bypass64 dos64 react58 reflected-xss57 cloudflare52 reverse-engineering50 access-control48 node48 input-validation48 aws48 cross-site-scripting48 writeup47 docker46 ssrf45 smart-contract45 ethereum44 web-security43 sql-injection43 defi43 web343 oauth41 web-application41 lfi38 info-disclosure37 pentest37 race-condition37 idor35 burp-suite35 auth-bypass35 vulnerability-disclosure34 cloud34 html-injection33
0 6/10
Unrestricted file upload to RCE
bug-bounty

A bug bounty writeup demonstrating unrestricted file upload leading to RCE by bypassing extension filters through MIME type manipulation in GET parameters, chaining with PUT requests, and exploiting alternative PHP extensions (phps, php3, php5) that bypass .php filtering to execute arbitrary code.

file-upload rce php-execution extension-bypass mime-type-bypass stored-xss same-origin-policy-bypass x-frame-options-bypass referer-header-manipulation put-request-exploitation
Muhammad Khizer Javed
blog.securitybreached.org · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details