https:\/\/webkul.com\/blog\/burp-suite-installation-process-for-mozilla-firefox\/<\/a><\/p>\n\n\n\nCreate the PHP file which contains phpinfo() code and save it with double extension i.e .php.png. <\/p>\n\n\n\n
The file (info.php.png) contains the following code:<\/p>\n\n\n\n
<?php\nphpinfo();\n?><\/pre>\n\n\n\nThe process to Check the Image Upload Bypass<\/h4>\n\n\n\n Note<\/strong>: Before saving the uploaded image, the intercept tab should be “ON<\/strong>” under the proxy tab of the Burp Suite. <\/p>\n\n\n\nClick on the Upload button and click on the save button<\/li><\/ol>\n\n\n\n2. The intercept tab will work to catch the sent request of the post method when you click to upload the button. The uploaded file name will be displayed on the screen.<\/p>\n\n\n\n
3. Change the file name from info.php.png<\/strong> to info.php<\/strong> and click on the Forward button for forward the request to the server.<\/p>\n\n\n\n4. Once forward the request then opens the terminal and run the grep command as showing in the screenshot.<\/p>\n\n\n\n
5. After run the grep command the path of the directory where your file is successfully saved will be shown.<\/p>\n\n\n\n
6. Now Copy the path and paste in the URL to execute.<\/p>\n\n\n\n
7. After running the URL, all detail of the server will be display on the screen.<\/p>\n\n\n\nIn case you have any queries then feel free to ask in the comment section below.<\/p>\n","protected":false},"excerpt":{"rendered":"
Image Upload vulnerability is a major problem in web-based applications. Image upload is the common feature in all the web-application that’s why image upload must be fully restricted and not allow the unauthorized user to upload the malicious file. An attacker may reveal important and sensitive information by uploading the PHP executable file. So this […]<\/a><\/p>\n","protected":false},"author":229,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-226377","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\nImage Upload Vulnerability Exploitation By Burp Suite - Webkul Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Image Upload Vulnerability Exploitation By Burp Suite - Webkul Blog\" \/>\n<meta property=\"og:description\" content=\"Image Upload vulnerability is a major problem in web-based applications. Image upload is the common feature in all the web-application that’s why image upload must be fully restricted and not allow the unauthorized user to upload the malicious file. An attacker may reveal important and sensitive information by uploading the PHP executable file. So this [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/\" \/>\n<meta property=\"og:site_name\" content=\"Webkul Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/webkul\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-31T13:11:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-01-31T13:13:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Screenshot11-1.png\" \/>\n<meta name=\"author\" content=\"Virendra\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@webkul\" \/>\n<meta name=\"twitter:site\" content=\"@webkul\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Virendra\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/\"},\"author\":{\"name\":\"Virendra\",\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/person\/8b02bf86be3e610cea320caff0cbc6c9\"},\"headline\":\"Image Upload Vulnerability Exploitation By Burp Suite\",\"datePublished\":\"2020-01-31T13:11:05+00:00\",\"dateModified\":\"2020-01-31T13:13:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/\"},\"wordCount\":354,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/webkul.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Screenshot11-1.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/\",\"url\":\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/\",\"name\":\"Image Upload Vulnerability Exploitation By Burp Suite - Webkul Blog\",\"isPartOf\":{\"@id\":\"https:\/\/webkul.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Screenshot11-1.png\",\"datePublished\":\"2020-01-31T13:11:05+00:00\",\"dateModified\":\"2020-01-31T13:13:14+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#primaryimage\",\"url\":\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Screenshot11-1.png\",\"contentUrl\":\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Screenshot11-1.png\",\"width\":949,\"height\":392,\"caption\":\"Screenshot11-1\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/webkul.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Image Upload Vulnerability Exploitation By Burp Suite\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/webkul.com\/blog\/#website\",\"url\":\"https:\/\/webkul.com\/blog\/\",\"name\":\"Webkul Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/webkul.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/webkul.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/webkul.com\/blog\/#organization\",\"name\":\"WebKul Software Private Limited\",\"url\":\"https:\/\/webkul.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2021\/08\/webkul-logo-accent-sq.png\",\"contentUrl\":\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2021\/08\/webkul-logo-accent-sq.png\",\"width\":380,\"height\":380,\"caption\":\"WebKul Software Private Limited\"},\"image\":{\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/webkul\/\",\"https:\/\/x.com\/webkul\",\"https:\/\/www.instagram.com\/webkul\/\",\"https:\/\/www.linkedin.com\/company\/webkul\",\"https:\/\/www.youtube.com\/user\/webkul\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/person\/8b02bf86be3e610cea320caff0cbc6c9\",\"name\":\"Virendra\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a8dac69657ebaf07ca0e415cb827783a505abf0ccdff89753a766dc95c410a30?s=96&d=https%3A%2F%2Fcdnblog.webkul.com%2Fblog%2Fwp-content%2Fuploads%2F2019%2F10%2Fmike.png&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a8dac69657ebaf07ca0e415cb827783a505abf0ccdff89753a766dc95c410a30?s=96&d=https%3A%2F%2Fcdnblog.webkul.com%2Fblog%2Fwp-content%2Fuploads%2F2019%2F10%2Fmike.png&r=g\",\"caption\":\"Virendra\"},\"url\":\"https:\/\/webkul.com\/blog\/author\/virendra-tester160\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Image Upload Vulnerability Exploitation By Burp Suite - Webkul Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/","og_locale":"en_US","og_type":"article","og_title":"Image Upload Vulnerability Exploitation By Burp Suite - Webkul Blog","og_description":"Image Upload vulnerability is a major problem in web-based applications. Image upload is the common feature in all the web-application that’s why image upload must be fully restricted and not allow the unauthorized user to upload the malicious file. An attacker may reveal important and sensitive information by uploading the PHP executable file. So this [...]","og_url":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/","og_site_name":"Webkul Blog","article_publisher":"https:\/\/www.facebook.com\/webkul\/","article_published_time":"2020-01-31T13:11:05+00:00","article_modified_time":"2020-01-31T13:13:14+00:00","og_image":[{"url":"https:\/\/webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Screenshot11-1.png","type":"","width":"","height":""}],"author":"Virendra","twitter_card":"summary_large_image","twitter_creator":"@webkul","twitter_site":"@webkul","twitter_misc":{"Written by":"Virendra","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#article","isPartOf":{"@id":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/"},"author":{"name":"Virendra","@id":"https:\/\/webkul.com\/blog\/#\/schema\/person\/8b02bf86be3e610cea320caff0cbc6c9"},"headline":"Image Upload Vulnerability Exploitation By Burp Suite","datePublished":"2020-01-31T13:11:05+00:00","dateModified":"2020-01-31T13:13:14+00:00","mainEntityOfPage":{"@id":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/"},"wordCount":354,"commentCount":0,"publisher":{"@id":"https:\/\/webkul.com\/blog\/#organization"},"image":{"@id":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#primaryimage"},"thumbnailUrl":"https:\/\/webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Screenshot11-1.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/","url":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/","name":"Image Upload Vulnerability Exploitation By Burp Suite - Webkul Blog","isPartOf":{"@id":"https:\/\/webkul.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#primaryimage"},"image":{"@id":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#primaryimage"},"thumbnailUrl":"https:\/\/webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Screenshot11-1.png","datePublished":"2020-01-31T13:11:05+00:00","dateModified":"2020-01-31T13:13:14+00:00","breadcrumb":{"@id":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#primaryimage","url":"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Screenshot11-1.png","contentUrl":"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Screenshot11-1.png","width":949,"height":392,"caption":"Screenshot11-1"},{"@type":"BreadcrumbList","@id":"https:\/\/webkul.com\/blog\/image-upload-vulnerability-check-by-burp-suite\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/webkul.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Image Upload Vulnerability Exploitation By Burp Suite"}]},{"@type":"WebSite","@id":"https:\/\/webkul.com\/blog\/#website","url":"https:\/\/webkul.com\/blog\/","name":"Webkul Blog","description":"","publisher":{"@id":"https:\/\/webkul.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/webkul.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/webkul.com\/blog\/#organization","name":"WebKul Software Private Limited","url":"https:\/\/webkul.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/webkul.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2021\/08\/webkul-logo-accent-sq.png","contentUrl":"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2021\/08\/webkul-logo-accent-sq.png","width":380,"height":380,"caption":"WebKul Software Private Limited"},"image":{"@id":"https:\/\/webkul.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/webkul\/","https:\/\/x.com\/webkul","https:\/\/www.instagram.com\/webkul\/","https:\/\/www.linkedin.com\/company\/webkul","https:\/\/www.youtube.com\/user\/webkul\/"]},{"@type":"Person","@id":"https:\/\/webkul.com\/blog\/#\/schema\/person\/8b02bf86be3e610cea320caff0cbc6c9","name":"Virendra","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/webkul.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a8dac69657ebaf07ca0e415cb827783a505abf0ccdff89753a766dc95c410a30?s=96&d=https%3A%2F%2Fcdnblog.webkul.com%2Fblog%2Fwp-content%2Fuploads%2F2019%2F10%2Fmike.png&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8dac69657ebaf07ca0e415cb827783a505abf0ccdff89753a766dc95c410a30?s=96&d=https%3A%2F%2Fcdnblog.webkul.com%2Fblog%2Fwp-content%2Fuploads%2F2019%2F10%2Fmike.png&r=g","caption":"Virendra"},"url":"https:\/\/webkul.com\/blog\/author\/virendra-tester160\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/posts\/226377","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/users\/229"}],"replies":[{"embeddable":true,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/comments?post=226377"}],"version-history":[{"count":28,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/posts\/226377\/revisions"}],"predecessor-version":[{"id":227511,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/posts\/226377\/revisions\/227511"}],"wp:attachment":[{"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/media?parent=226377"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/categories?post=226377"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/tags?post=226377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Screenshot11-1\"](\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Screenshot11-1.png\")
<\/figure><\/div>\n\n\n\n![\"intercept-3\"](\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2020\/01\/intercept-3.png\")
<\/figure><\/div>\n\n\n\n![\"Screenshot1-6\"](\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Screenshot1-6.png\")
<\/figure><\/div>\n\n\n\n![\"info_path-\"](\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2020\/01\/info_path-.png\")
<\/figure><\/div>\n\n\n\n![\"path_image-1\"](\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2020\/01\/path_image-1.png\")
<\/figure><\/div>\n\n\n\n![\"Url_execute\"](\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2020\/01\/Url_execute.png\")
<\/figure><\/div>\n\n\n\n![\"vulnerable_imageexecustion\"](\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2020\/01\/vulnerable_imageexecustion.png\")
<\/figure>\n\n\n\n