Upload_Bypass_Carnage - File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques!
POC video:
File upload restrictions bypass by using different bug bounty techniques! Tool must be running with all its assets!
Installation:
pip3 install -r requirements.txt
Usage: upload_bypass.py [options]
Options: -h, --help
show this help message and exit
-u URL, --url=URL
Supply the login page, for example: -u http://192.168.98.200/login.php'
-s , --success
Success message when upload an image, example: -s 'Image uploaded successfully.'
-e , --extension
Provide server backend extension, for example: --extension php (Supported extensions: php,asp,jsp,perl,coldfusion)
-a , --allowed
Provide allowed extensions to be uploaded, for example: php,asp,jsp,perl
-H , --header
(Optional) - for example: '"X-Forwarded-For":"10.10.10.10"' - Use double quotes around the data and wrapp it all with single quotes. Use comma to separate multi headers.
-l , --location
(Optional) - Supply a remote path where the webshell suppose to be. For exmaple: /uploads/
-S, --ssl
(Optional) - No checks for TLS or SSL
-p, --proxy
(Optional) - Channel the requests through proxy
-c, --continue
(Optional) - If set, the brute force will continue even if one or more methods found!
-v, --verbose
(Optional) - Printing the http response in terminal
-U , --username
(Optional) - Username for authentication. For exmaple: --username admin
-P , --password
(Optional) - - Password for authentication. For exmaple: --password 12345
Upload_Bypass_Carnage - File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques!
Reviewed by Zion3R
on
8:30 AM
Rating:
![Upload_Bypass_Carnage - File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques!](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEKnaGI0gdG7nQyY-1Hyf98cLyY0tihjQY-__-RUt3M4UkUc4E_VU22PT1aiWKmF5UYG4FKzZk_6dElqe0mqGF4FM6A-yVBAOSCYjFbwj-mQuKimFOI4vv0H68n4cusILcjBpufykx4dpvGpRNyRJESXLa8XHWj_8Q_u9NqYBewfNN8Gpagjyikp6gKg/s72-w640-c-h350/Upload_Bypass_Carnage.png)