CyberSecurity/Web/BountyStory/RemoteCodeExecution/20230316 - The Tale of a Command Injection by Changing the Logo.md
| 1 | + | # The Tale of a Command Injection by Changing the Logo 🩸🩸 |
| 2 | + | |
| 3 | + | ### 1. Recon (searching ASN) |
| 4 | + | ### 2. Checking Wappalyzer --> PHP |
| 5 | + | ### 3. Fuzz (ffuf) --> didn't work |
| 6 | + | ### 4. Find File Upload |
| 7 | + | ### 5. Testing SQLi (filename )--> didn't work |
| 8 | + | ### 6. Testing RCE (filename) --> BINGO |
| 9 | + | |
| 10 | + | ## Credit |
| 11 | + | Based on [Oxrz](https://infosecwriteups.com/command-injection-by-changing-the-logo-2d730887ab6c)'s writeup. |
| 12 | + | <br> |
| 13 | + | |
| 14 | + | ## Support |
| 15 | + | You can Follow [me](https://twitter.com/MeAsHacker_HNA) on twitter or |
| 16 | + | <br><br><a href="https://www.buymeacoffee.com/NafisiAslH" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a> |
| 17 | + | |
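Review bot: Steps 1 to 6 (added lines 3 to 8) are `###` headings with no body text, sitting directly under the `#` title, so the note skips a heading level and records only an outcome per step ("didn't work", "BINGO") with nothing about what was tested or why the filename field was injectable. Suggest turning them into a numbered list under a `## Steps` heading and adding a sentence per step, at least for step 6, saying what the upload handler did with the filename and what the fix would be, so the note is usable without opening the linked writeup. Minor: `(filename )-->` in step 5 has a stray space inside the parenthesis and none before the arrow, and in the Support section "Follow" should be lowercase and "twitter" capitalized.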