nima@home:~$

Hide Malicious Shell in Image File



There are many ways to bypass flawed file-upload validation and upload a web shell to a web application. This link explains some of them, such as creating a polyglot image file that carries malicious code in its metadata using tools like exiftool. The method is interesting; check it out.

You can also practice this vulnerability in the Web Security Academy; check the link below.



