Image upload vulnerabilities are a major problem in web applications. Image upload is a common feature of almost every web application, which is why it must be strictly restricted so that an unauthorized user cannot upload a malicious file.
An attacker can reveal important and sensitive information by uploading an executable PHP file. This blog shows how a double-extension image upload is exploited using Burp Suite.
At the medium security level, the application only allows files with a .jpeg or .png extension to be uploaded to the web server and rejects other files by checking the single file extension at upload time. There are techniques that let a malicious PHP file get past this check onto the web server.
Note: Burp Suite must be properly configured with your browser. To learn how to configure Burp Suite with the Firefox web browser, check the blog: https://webkul.com/blog/burp-suite-installation-process-for-mozilla-firefox/
Create a PHP file that contains the phpinfo() code and save it with a double extension, i.e. .php.png.
The file (info.php.png) contains the following code:
<?php phpinfo(); ?>
The Process to Check the Image Upload Bypass
Note: Before saving the uploaded image, the Intercept tab should be "ON" under the Proxy tab of Burp Suite.
1. Click on the Upload button, then click on the Save button.
2. When you click the Upload button, the Intercept tab catches the POST request that was sent. The uploaded file name is displayed on the screen.
3. Change the file name from info.php.png to info.php and click on the Forward button to forward the request to the server.
4. Once the request has been forwarded, open the terminal and run the grep command as shown in the screenshot.
5. After running the grep command, the path of the directory where your file was saved is shown.
6. Now copy the path and paste it into the URL bar to execute the file.
7. After opening the URL, all the details of the server are displayed on the screen.
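The bypass above works because the medium-level check trusts the client-supplied file name, which the proxy simply rewrites. As an added example, not code from the original post or from the vulnerable application, here is a server-side validator in Python (function and constant names are assumptions) that decides the type from the file's leading bytes and generates its own stored name, so neither info.php.png nor the rewritten info.php ever reaches the filesystem:

```python
import os
import secrets

# Allow-list of image types: extension -> (MIME type, magic-byte prefix).
# Names and values are assumptions for this example.
ALLOWED = {
    "png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    "jpg": ("image/jpeg", b"\xff\xd8\xff"),
    "jpeg": ("image/jpeg", b"\xff\xd8\xff"),
}


def validate_image_upload(client_filename, client_content_type, data):
    """Return (stored_name, mime) for an acceptable image, else raise ValueError.

    Neither the client-supplied file name nor the Content-Type header is
    trusted: the type is decided from the file's leading bytes, and the
    stored name is generated server-side.
    """
    # Reject anything but <name>.<allowed extension>; this also rejects
    # double extensions such as info.php.png and bare info.php.
    base = os.path.basename(client_filename)
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0] or parts[1] not in ALLOWED:
        raise ValueError("file name must be <name>.<png|jpg|jpeg>")
    ext = parts[1]
    mime, magic = ALLOWED[ext]
    # The Content-Type header is client-controlled; it must at least agree
    # with the extension, but it is never the deciding check.
    if client_content_type != mime:
        raise ValueError("Content-Type does not match extension")
    # The decisive check: the bytes must start with the image signature.
    # A file holding "<?php phpinfo(); ?>" fails here whatever it is named.
    if not data.startswith(magic):
        raise ValueError("content is not a %s image" % ext)
    # Server-chosen name: random token plus the allow-listed extension.
    stored = "%s.%s" % (secrets.token_hex(16), ext)
    return stored, mime
```

Storing the file outside the web root (or in a directory where the web server never executes scripts) is the remaining control this validator does not replace.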
In case you have any queries, feel free to ask in the comment section below.