0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

Merge pull request #669 from sAjibuu/patch-1 

Update README.md
This commit is contained in:
Carlos Polop 2023-07-19 13:05:03 +02:00 committed by GitHub
parent 0ff192ff74 9f184d9633
commit 73e07dbcbd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pentesting-web/file-upload/README.md
View File

@ -184,7 +184,8 @@ Note that **another option** you may be thinking of to bypass this check is to m
* [https://github.com/modzero/mod0BurpUploadScanner](https://github.com/modzero/mod0BurpUploadScanner)
* [https://github.com/almandin/fuxploider](https://github.com/almandin/fuxploider)
* [https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html](https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html)
## Tools
* [Upload Bypass](https://github.com/sAjibuu/Upload_Bypass) is a powerful tool designed to assist Pentesters and Bug Hunters in testing file upload mechanisms. It leverages various bug bounty techniques to simplify the process of identifying and exploiting vulnerabilities, ensuring thorough assessments of web applications.
## From File upload to other vulnerabilities
* Set **filename** to `../../../tmp/lol.png` and try to achieve a **path traversal**