Exploiting File Upload using Null byte
4 min readAug 1, 2020
In my previous blog related to FILE upload, I already discussed some basic techniques to bypass whitelisting of file extensions. Now in this blog I am explaining other techniques here like MIME type, NULL byte injection.
MIME type:
Aim: Our aim is to upload PHP code and retrieve password in the file “.passwd”.
there are three tabs in the web application
· defaced
· upload
· pirate