Back to directory

WRITEUP #1719

Uploading the Webshell using filename of Content-Disposition Header Story!

OtherUnrestricted file uploadArbitrary file write

byYashar Mohagheghi

Program

-

Published

Jan 9, 2023

Added to HackDex

Jan 11, 2023

Read Full Writeuphttps://ymohagheghi.medium.com/uploading-the-webshell-using-filename-of-content-disposition-header-story-59ba87752311

▸ RELATED WRITEUPS

CVE-2024-29511 – Abusing Ghostscript’s OCR device

OtherArbitrary file read

Data Theft in Salesforce: Manipulating Public Links

OtherSOQL injection

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

RCEArbitrary file write

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Other2FA / MFA bypass

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

Built with ❤️ by Shubham Rawat