■ ■ ■ ■ ■ ■
CyberSecurity/Web/BountyStory/RemoteCodeExecution/20230316 - The Tale of a Command Injection by Changing the Logo.md
| | 1 | + | # The Tale of a Command Injection by Changing the Logo 🩸🩸 |
| | 2 | + | |
| | 3 | + | ### 1. Recon (searching ASN) |
| | 4 | + | ### 2. Checking Wappalyzer --> PHP |
| | 5 | + | ### 3. Fuzz (ffuf) --> didn't work |
| | 6 | + | ### 4. Find File Upload |
| | 7 | + | ### 5. Testing SQLi (filename )--> didn't work |
| | 8 | + | ### 6. Testing RCE (filename) --> BINGO |
| | 9 | + | |
| | 10 | + | ## Credit |
| | 11 | + | Based on [Oxrz](https://infosecwriteups.com/command-injection-by-changing-the-logo-2d730887ab6c)'s writeup. |
| | 12 | + | <br> |
| | 13 | + | |
| | 14 | + | ## Support |
| | 15 | + | You can Follow [me](https://twitter.com/MeAsHacker_HNA) on twitter or |
| | 16 | + | <br><br><a href="https://www.buymeacoffee.com/NafisiAslH" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a> |
| | 17 | + | |
Hossein NafisiAsl
committed
with
GitHub
1 year ago
1 parent 2071f489