Methods of shell uploading
Now Try these methods below
<--------------------------------------------------------------------------------->
Method 1 :-> *_*
<--------------------------------------------------------------------------------->well we all know that uploading scripts accepts JPG or GIF or both etc
so its possible some times to bypass it by
renaming the file to
" shell.jpg.php "
Or
" shell.gif.php "
<--------------------------------------------------------------------------------->
Method 2 :-> *_*
<--------------------------------------------------------------------------------->Sometimes we can upload PHP file by editing the parameters with tools such as
Tamper Data ( Firefox Addon )
Download It Here
Code:
https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
Change the
application/octet-stream
to
image/gif
or
image/jpg
Video Tutorial :->
<--------------------------------------------------------------------------------->
Method 3 :-> *_*
<--------------------------------------------------------------------------------->We can also upload shell by adding
to the file name
%_00shell.jpg%00php
shell.jpg%.php
Or
shell.jpg;php
<--------------------------------------------------------------------------------->
Method 4 :-> *_*
<--------------------------------------------------------------------------------->Another way is by tricking Apache
by adding PHP languages
For Example :->
file.php.enThe Apache will read the file.php.en
as a normal php file
cause .en refers to English
Another example :->
file.php.ar
As .ar refers to Arabic and Etc Etc.
That helps when we find an uploading center that
denies PHP extensions and allows any other unknown extension.