Many times you want to upload a shell to a website,
but the websites allows only jpg to be uploaded. You tried everything like
NULL-bytes and so and, but nothing worked. Thats because the site uses
php-functions like "GetImageSize" to veryfie that it is really a
picture. But you can bypass that.
Ok lets start:
What do you need?:
edjpgcom (search on google or download this one: http://www.mediafire.com/?1u8635yrteswv30
A jpg-image (it should be very small like 1x1px because big pictures can cause errors in the php script. (you can take this one: http://www.mediafire.com/?t28xp2714pw64bp
Ok lets start:
What do you need?:
edjpgcom (search on google or download this one: http://www.mediafire.com/?1u8635yrteswv30
A jpg-image (it should be very small like 1x1px because big pictures can cause errors in the php script. (you can take this one: http://www.mediafire.com/?t28xp2714pw64bp
What Next after Downloading?
open cmd (win+r cmd enter)
use cd to change the directory to the one where you stored the two files.
now type (without the quotes) "edjpgcom image.jpg"
it will be some thing like this
use cd to change the directory to the one where you stored the two files.
now type (without the quotes) "edjpgcom image.jpg"
it will be some thing like this
When you press enter you will see some thing like this
Now edjpg will open, and you can write your php code
into the picture.
I will use <?php phpinfo(); ?> as example.
Click ok. now your image contains your php code.
I will use <?php phpinfo(); ?> as example.
Click ok. now your image contains your php code.
Change the extention of the image file from .jpg to .php and upload it.
Why does this work?
GetImageSize only works with images, but your image.php looks for php like an image with a comment inside, the extention doesent matter.
Many php tutorials like this one:http://www.php-einfach.de/tuts_php_datei_upload.php say GetImageSize is secure, and many websites use it.
Why does this work?
GetImageSize only works with images, but your image.php looks for php like an image with a comment inside, the extention doesent matter.
Many php tutorials like this one:http://www.php-einfach.de/tuts_php_datei_upload.php say GetImageSize is secure, and many websites use it.
When I wanna Save This It Give me A Error Msg " Permission Denied, Can't Rename". What Shall I Do ?
ReplyDeleteAfter you write the code and click on ok... close the command box and then try to rename.It should work. Im able to rename. if you want i can post a video tut for this..
ReplyDeletePlease post a video tutorial for this.....I
ReplyDeletebro not etension change nahi hota video tutorial plsss
ReplyDeletehelp me pls i cant run ng edjpg
ReplyDeletebro, It deletes automatically after some 10 seconds.. I dont know why...?
ReplyDeleteHi Buddy! Nice site with great posts.Keep it up! :)
ReplyDeletewhy not rename your shell to shell.php.pjpeg that would work..
ReplyDelete