20230316 - The Tale of a Command Injection by Changing the Logo.md
The Tale of a Command Injection by Changing the Logo 🩸🩸
1. Recon (searching ASN)
2. Checking Wappalyzer --> PHP
3. Fuzz (ffuf) --> didn't work
4. Find File Upload
5. Testing SQLi (filename) --> didn't work
6. Testing RCE (filename) --> BINGO
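
The steps above do not show the server-side code, so the following is an added example, not code from the original writeup. It assumes a PHP logo-upload handler that hands the file to an external image tool, and shows the filename handling that closes this class of bug. `storeLogo()`, `runResize()`, the `convert` step and the sample filename are hypothetical, and the `fileinfo` extension is assumed to be enabled.

```php
<?php
declare(strict_types=1);
// Added example: storeLogo(), runResize() and the ImageMagick step are hypothetical.

const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

// Vulnerable pattern (for contrast, never use): client filename inside a shell string.
//   exec('convert ' . $uploadDir . '/' . $_FILES['logo']['name'] . ' logo.png');

/**
 * Stores the upload under a server-generated name chosen from its detected content type.
 * The client-supplied filename is never used to build a path or a command.
 */
function storeLogo(string $tmpPath, string $uploadDir): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        return null;                        // not an allowed image type: reject
    }
    $dest = $uploadDir . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    // Web requests go through move_uploaded_file(), which refuses non-upload paths;
    // copy() is used only so the CLI demo below can run.
    $ok = PHP_SAPI === 'cli' ? copy($tmpPath, $dest) : move_uploaded_file($tmpPath, $dest);
    return $ok ? $dest : null;
}

/** Runs the image tool with an argv array (PHP >= 7.4), so no shell parses the paths. */
function runResize(string $src, string $dst): bool
{
    $proc = proc_open(['convert', $src, '-resize', '256x256', $dst], [], $pipes);
    return is_resource($proc) && proc_close($proc) === 0;
}

// Constructed demo input: a 1x1 PNG and a filename carrying shell metacharacters.
if (PHP_SAPI === 'cli') {
    $clientName = 'logo;echo x.png';        // constructed; treated as data, only logged
    $png = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==';
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, base64_decode($png));
    $stored = storeLogo($tmp, sys_get_temp_dir());
    printf("client name %s stored as %s\n", json_encode($clientName), basename((string) $stored));
    unlink($tmp);
    if ($stored !== null) {
        unlink($stored);
    }
}
```

In a real handler, `storeLogo()` receives `$_FILES['logo']['tmp_name']`; the original name, if it is kept at all, is stored only as a display string and output-encoded when rendered.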
Credit
Based on Oxrz's writeup.