Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-24 21:53:54 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update README.md

Browse source
This commit is contained in:
Sagiv 2023-07-09 09:03:36 +03:00 committed by GitHub
parent 2972551cfd
commit 9f184d9633
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
pentesting-web/file-upload/README.md
View file

@ -184,7 +184,8 @@ Note that **another option** you may be thinking of to bypass this check is to m
* [https://github.com/modzero/mod0BurpUploadScanner](https://github.com/modzero/mod0BurpUploadScanner)
* [https://github.com/almandin/fuxploider](https://github.com/almandin/fuxploider)
* [https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html](https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html)
## Tools
* [Upload Bypass](https://github.com/sAjibuu/Upload_Bypass) is a powerful tool designed to assist Pentesters and Bug Hunters in testing file upload mechanisms. It leverages various bug bounty techniques to simplify the process of identifying and exploiting vulnerabilities, ensuring thorough assessments of web applications.
## From File upload to other vulnerabilities
* Set **filename** to `../../../tmp/lol.png` and try to achieve a **path traversal**