Uploading the Webshell using filename of Content-Disposition Header Story!
How I found multiple critical bugs in Red Bull
Not usual CSP bypass case
Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0
Remote Command Execution in a Bank Server
PENTEST TALES: EXIF Data Manipulation
How I hacked into a Cambridge’s server and got appreciation letter.
Case of Admin Bypass for RCE, XSS, and Information Disclosure
23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite
Persistent PHP Payloads In PNGs: How To Inject PHP Code In An Image – And Keep It There !
How I abused the file upload function to get a high severity vulnerability in Bug Bounty
RCE on Spip and Root-Me, v2!
File Upload Bypass to RCE == $$$$
How I earned 500$ by uploading a file: write-up of one of my first bug bounty
Can analyzing javascript files lead to remote code execution?
How I Paid For My Holiday With Bug Bounty
Hacking a Bank by Finding a 0day in DotCMS
Exploiting a File Upload Vulnerability — A Directory Traversal Attack
Achieving Remote Code Execution via Unrestricted File Upload
Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN)
Remote Code Execution in .tgz File Upload
SQL Injection - The File Upload Playground
XSS via file upload
Stored XSS by bypassing signature
File Upload to RCE