Let's suppose we have a PHP-based website that allows us to upload a file (image, video, text, or script), and the web server performs a task with the file.

This means that if we upload a file, the web server executes it automatically.

So we can bind a shell into an image file (for example) and upload it to the web server.

• The shell must be written in PHP in this case.

For example:

We all know about Facebook. It allows us to upload a profile picture. Now, we can bind a shell into an image file using ExifTool. Later, we can access the web server's command prompt or terminal.

By the way, Facebook doesn't have this kind of vulnerability.

Thanks for visiting.
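
A defensive check for the case described above, as an added example that is not part of the original post: it walks the metadata segments of an uploaded JPEG (where ExifTool writes comments and EXIF fields), flags any that contain a PHP opening tag, and rejects file names carrying a PHP extension. The function names, extension lists and sample bytes are assumptions constructed for illustration.

```python
import struct

PHP_MARKERS = (b"<?php", b"<?=")              # opening tags the PHP interpreter acts on
ALLOWED_EXT = {"jpg", "jpeg"}                 # assumed allowlist for a profile picture
EXEC_EXT = {"php", "phtml", "phar", "php5"}   # assumed list of PHP-handled extensions

def jpeg_metadata_segments(data):
    """Yield (marker, payload) for each segment before the image scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header")
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: compressed image data follows, stop here
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("segment length out of bounds")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def check_upload(filename, data):
    """Return a list of reasons to reject the upload (empty list = accept)."""
    reasons = []
    parts = filename.lower().split(".")
    if parts[-1] not in ALLOWED_EXT:
        reasons.append("extension not allowed")
    if any(p in EXEC_EXT for p in parts[1:]):  # catches names like x.php.jpg
        reasons.append("executable extension in name")
    try:
        for marker, payload in jpeg_metadata_segments(data):
            is_meta = marker == 0xFE or 0xE0 <= marker <= 0xEF  # COM or APPn
            if is_meta and any(m in payload.lower() for m in PHP_MARKERS):
                reasons.append(f"PHP tag in segment 0x{marker:02X}")
    except ValueError as exc:
        reasons.append(str(exc))
    return reasons

def segment(marker, payload):
    # Helper for building the constructed samples below.
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: minimal JPEG-like byte strings, not real photos.
TAIL = b"\xff\xda\x00\x02\xff\xd9"
CLEAN = b"\xff\xd8" + segment(0xE0, b"JFIF\x00") + TAIL
TAINTED = b"\xff\xd8" + segment(0xFE, b"<?php echo 'marker'; ?>") + TAIL
```

Scanning is a secondary control. The flaw described above exists only when the server hands uploaded files to the PHP interpreter, so the upload directory should never be configured to execute them.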
