Lab link.
If the application restricts which file extensions can be uploaded, there are several ways to bypass this restriction. In this lab, we use the null byte method to bypass the file extension blocking.
In the request's response, we see that our file was uploaded correctly.
In the GET /files/avatars/ request, we correct our file name and access the code.
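The following is an added example, not code from the lab or from the original post. It shows why a check that only looks at the last extension passes a name carrying a null byte, and what a stricter server-side validator rejects. The allow-list, the function names and the sample filenames are assumptions constructed for illustration.

```python
import os
import re
from urllib.parse import unquote

# Assumed allow-list for an avatar upload feature (not taken from the lab).
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png"}
# One base name, exactly one dot, one short extension; nothing else is accepted.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")


def naive_is_allowed(filename: str) -> bool:
    """Weak check: trusts whatever follows the last dot of the raw name."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTENSIONS


def name_seen_by_c_layer(filename: str) -> str:
    """Model of a C-string file API: decode, then stop at the first NUL byte."""
    return unquote(filename).split("\x00", 1)[0]


def strict_is_allowed(filename: str) -> bool:
    """Reject encoded or control characters before looking at the extension."""
    if "%" in filename:
        return False  # percent-encoding has no place in a stored file name
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in filename):
        return False  # raw NUL and other control characters
    if not SAFE_NAME.fullmatch(filename):
        return False  # double extensions, path separators, odd characters
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTENSIONS


def audit(names):
    """Return (name, naive verdict, name the C layer would store, strict verdict)."""
    return [
        (n, naive_is_allowed(n), name_seen_by_c_layer(n), strict_is_allowed(n))
        for n in names
    ]


# Constructed sample filenames, as they might arrive in an upload request.
SAMPLES = ["avatar.png", "script.php%00.jpg", "script.php\x00.jpg", "script.php"]

if __name__ == "__main__":
    for name, naive, stored, strict in audit(SAMPLES):
        print(f"{name!r:24} naive={naive!s:5} stored_as={stored!r:14} strict={strict}")
```

Storing uploads under a server-generated name, rather than the client-supplied one, removes the dependence on this validation entirely.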
Hello, I am Aleyna Doğan. I work as a Sr. Cyber Threat Intelligence Analyst. In my blog, we write blog posts that my friends and I want to share. Have a good read.