It's Steiner254

@Steiner254

25 Tweets 21 reads Dec 06, 2022
Day 0⃣8⃣/2⃣0⃣ -- [Hacking File Upload Functionality]
➡️ Hitting P1's - RCE, SQL Injection, SSRF, Stored XSS, LFI, XXE, IDOR, etc.
➡️ ➰ Below are some of the best Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips
1/n
File Upload Vulnerabilities Checklist
0xn3va.gitbook.io
2/n
Exif Data Not Stripped From Uploaded Images
kathan19.gitbook.io
3/n
Null Byte - Bypass File Upload restrictions to achieve RCE
null-byte.wonderhowto.com
4/n
Null Byte - Uploading A Web Shell
null-byte.wonderhowto.com
5/n
Basic RCE via unrestricted File Upload
youtube.com
6/n
Web Shell via Denylist Bypass!
youtube.com
7/n
Web Shell via Polyglot File Upload!
youtube.com
8/n
RCE via Web Shell Polyglot Upload
youtube.com
9/n
Web Shell Upload via Race Condition
youtube.com
10/n
Unrestricted File Upload leads to RCE & SSRF
itsfading.github.io
11/n
Bypassing File Restrictions Upload IN JOOMLA to get RCE
blog.fabiopires.pt
12/n
SQL Injections on file uploads
youtube.com
13/n
All about file upload XSS
infosecwriteups.com
14/n
CSRF on profile picture upload
hackerone.com
15/n
Blind Server Side Request Forgery ( SSRF ) | Via SVG
youtube.com
16/n
Blind SSRF via svg upload
youtube.com
17/n
Exploiting XXE via File Upload
gupta-bless.medium.com
18/n
Application Level DOS
gaya3-r.medium.com
19/n
Twitter asset IDOR on file upload
youtube.com
20/n
Open Redirect via SVG File Upload
hackerone.com
21/n
Hunting for Bugs in File Upload Feature:
sm4rty.medium.com
22/n
@_zwink testing File Upload vulnerabilities
youtube.com
23/n
Hacktricks File Upload
book.hacktricks.xyz
n/n
Practice Makes Perfect!
Don't Drink & Drive!
Stay Ethical & Happy Hacking :)
See you here same time tomorrow!
