<form action="/upload.php" method="POST" enctype="multipart/form-data">
  <input type="file" name="picture">
  <input type="submit" value="Upload">
</form>
The script:
Conclusion: The web server treats files in /uploads/ as – no PHP execution.
– a reverse shell appears on your listener:
The resulting JPEG still opens normally, but when convert processes it, the | character tells ImageMagick to pipe the image data to the command following the pipe. The command we injected opens a reverse shell back to our listener.