Home 0P3N Blog How To Insert A PHP Backdoor In A Web Application That Uploads JPEG Files Only ?
Ready to Start Your Career?
Create Free Account
authors profile image
January 1, 2016

How To Insert A PHP Backdoor In A Web Application That Uploads JPEG Files Only ?

January 1, 2016
authors profile image
January 1, 2016
Hello. To begin, I would like to say thank you to the entire community of Cybrary including @Motasem helping me enough to integrate into the world of computer security. Now I have one concern: To insert a backdoor into a PHP web application that requires only the JPEG image on his page upload.php, How to insert the backdoor PHP if upload.php page of the site that only accepts extension Jpeg ??? Or do you have Backdoor Jpeg to give me ??? Do you think I can rename the Backdoor putting for example: **backdoor.jpeg.php ???**or **backdoor.php.jpeg ???****Which one is correct if I have to rename the backdoor for the page to recognize the backdoor as a Jpeg file ???** Hello. To begin, I would like to say thank you to the entire community of Cybrary including @Motasem helping me enough to integrate into the world of computer security. Now I have one concern: To insert a backdoor into a PHP web application that requires only the JPEG image on his page upload.php, How to insert the backdoor PHP if upload.php page of the site that only accepts extension Jpeg ??? Or do you have Backdoor Jpeg to give me ??? Do you think I can rename the Backdoor putting for example: **backdoor.jpeg.php ???**or **backdoor.php.jpeg ???****Which one is correct if I have to rename the backdoor for the page to recognize the backdoor as a Jpeg file ???** backdoor.php.jpeg is the right extension for an image file. Does the web application check the MIME-type of the file? Yes dear @Adam the Web application checks the type (extention) of images and rejects (refuses) when the file extension is not in JPEG. So in this case, just how to successfully install a backdoor JPEG for the Web Application accept ??? Does it check for 'magic bytes'? Here's an interesting link for you: https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/ wow good to know thx Use tamperdata add-on Firefox It's good and work with me before ...
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry