{"id":3553,"date":"2022-05-18T19:41:11","date_gmt":"2022-05-18T17:41:11","guid":{"rendered":"https:\/\/andreas-klingler.de\/infosec\/?p=3553"},"modified":"2024-08-18T12:34:26","modified_gmt":"2024-08-18T10:34:26","slug":"fun-with-images","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=3553","title":{"rendered":"File upload checklist"},"content":{"rendered":"\n<ol class=\"wp-block-list\">\n<li>Try to upload a file and execute\/open it on the server.<\/li>\n\n\n\n<li>Try to over\u00adwrite a file on the serv\u00ader if you can change the tar\u00adget path in the request.<\/li>\n\n\n\n<li>Try to make invalid requests to pro\u00advoke error messages.<\/li>\n\n\n\n<li>Try to add some tem\u00adplate lan\u00adguage which could print\/execute something.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">(!) If upload does not seem to work, change the suf\u00adfix e.g. from .php to .pHp.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">More:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Try a <span class=\"caps\">ZIP<\/span>&nbsp;bomb<\/li>\n\n\n\n<li><a href=\"https:\/\/www.onsecurity.io\/blog\/file-upload-checklist\/#zipslip\">Try a Zip\u00adslip&nbsp;file<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.onsecurity.io\/blog\/file-upload-checklist\/\">https:\/\/www.onsecurity.io\/blog\/file-upload-checklist\/<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">File uploads \/ images<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Upload a valid image file to see how it&nbsp;works.<\/li>\n\n\n\n<li>Upload a sim\u00adple invalid file like a text&nbsp;file.<\/li>\n\n\n\n<li><\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Try <a href=\"https:\/\/github.com\/chinarulezzz\/pixload\">https:\/\/github.com\/chinarulezzz\/pixload<\/a><\/li>\n\n\n\n<li>Think about <a href=\"https:\/\/imagetragick.com\/\">Image\u00adTrag\u00adick<\/a><\/li>\n\n\n\n<li>Flask\/Jinja\/<span class=\"caps\">OCR<\/span>? Try to upload an image which could be interpretet:&nbsp;<ul class=\"wp-block-list\">\n<li><code>convert -background \"#ffffff\" -size 600x100 -fill \"#000000\" -gravity center label:\"{{ self }}\" a7.png<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(!) If upload does not seem to work, change the suf\u00adfix e.g. from .php to .pHp. More: File uploads \/ images<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[470,468],"tags":[452,451,455,456,454,457,274,453],"class_list":["post-3553","post","type-post","status-publish","format-standard","hentry","category-active-enum","category-general","tag-file-upload","tag-image","tag-image-magick","tag-image-tragick","tag-imagemagick","tag-imagetragick","tag-injection","tag-upload"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/3553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3553"}],"version-history":[{"count":10,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/3553\/revisions"}],"predecessor-version":[{"id":4058,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/3553\/revisions\/4058"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}