What is the next step of this file upload attack?

One possible path would be to try and get it to be included somehow. A lot of add-on frameworks can run an arbitrary PHP code file. If the attacker was able to find such an add-on framework, they could give it the path to the file and it would be executed as PHP regardless of the file extension.

Tags:

Iis

File Upload

Web Application

Appsec

Recent Posts