Web shell upload via race condition - PortSwigger Write Up
Learn to exploit race condition vulnerabilities in file uploads to execute malicious PHP code before the server applies security validations.
Feb 23, 2022 Juan Antonio González Mena
PortSwigger Labs
29 articles
Remote code execution via polyglot web shell upload – PortSwigger Write Up
Step-by-step resolution of the PortSwigger lab on remote code execution through uploading a polyglot web shell, exploiting file content validation.
Feb 22, 2022 Juan Antonio González Mena
Web shell upload via obfuscated file extension – PortSwigger Write Up
Learn to bypass file upload restrictions using the extension obfuscation technique with null bytes to execute PHP code.
Feb 17, 2022 Juan Antonio González Mena
Web shell upload via extension blacklist bypass – PortSwigger Write Up
Learn to bypass file extension blacklists using alternative PHP extensions and Apache configurations to execute malicious code.
Feb 16, 2022 Juan Antonio González Mena
Web shell upload via path traversal - PortSwigger Write Up
Learn to exploit file upload vulnerabilities using path traversal techniques to bypass execution restrictions and execute malicious PHP code.
Feb 15, 2022 Juan Antonio González Mena
Web shell upload via Content-Type restriction bypass - PortSwigger Write Up
Learn to exploit file upload vulnerabilities by bypassing Content-Type restrictions to execute malicious PHP code.
Feb 10, 2022 Juan Antonio González Mena
Remote Code Execution via Web Shell Upload - PortSwigger Write Up
Learn to exploit file upload vulnerabilities to achieve remote code execution by uploading a PHP web shell.
Feb 9, 2022 Juan Antonio González Mena
Blind OS command injection with out-of-band interaction – PortSwigger Write Up
Learn to detect blind command injection vulnerabilities using out-of-band techniques with DNS lookups to external servers.
Feb 8, 2022 Juan Antonio González Mena
Blind OS command injection with output redirection – PortSwigger Write Up
Learn to exploit blind command injection vulnerabilities by redirecting output to accessible files to read the output of executed commands.
Feb 3, 2022 Juan Antonio González Mena