The Tale of a Command Injection by Changing the Logo 🩸🩸

1. Recon (searching ASN)

2. Checking Wappalyzer --> PHP

3. Fuzz (ffuf) --> didn't work

4. Find File Upload

5. Testing SQLi (filename )--> didn't work

6. Testing RCE (filename) --> BINGO

Credit

Based on Oxrz's writeup.
 

Support

You can Follow me on twitter or