webPromedium

Lab 165 — ReplyStream — File Upload Bypass via Content-Type Validation

hackadvisor

Task: Customer support platform with file upload functionality that validates files based on Content-Type header only. Solution: Bypass validation by spoofing MIME type in multipart/form-data request to upload PHP webshell and achieve RCE.

$ ls tags/ techniques/

rce php file_upload webshell nginx mime_type content_type_bypass

php_webshell_uploadcontent_type_header_manipulationmime_type_spoofing

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Easy Upload— hackerlab
[web][Pro]Lab 163 — PostFlow — Unrestricted File Upload via Avatar Feature— hackadvisor
[web][Pro]Revenge Upload— hackerlab
[web][Pro]Lab 307 — CrewHub — File Upload RCE via Polyglot JPG/PHP— hackadvisor
[web][Pro]Photo Storage— miptctf