Hunt file upload RCE and XSS

hunt-file-upload
elementalsouls/Claude-BugHunter
What it does

Find file-upload RCE, XXE, path traversal across 10 bypass techniques

Best for

Security auditors hunting RCE on PHP/JSP/ASPX stacks with publicly-exploitable file-processing chains.

Inputs
  • target /upload, /avatar, /import endpoint URL
  • polyglot payload files (PHP+GIF, SVG+JS, DOCX+XXE)
Outputs
  • RCE proof (command output)
  • XSS reflected in profile-photo URL
  • SSRF OOB callback
  • path traversal file read
Requires
  • Burp Suite
  • ImageMagick / FFmpeg (to craft payloads)
  • Collaborator server (OOB verify)
Preconditions
  • target runs file-processing (image upload, PDF gen, archive extract)
  • upload endpoint reachable
Failure modes
  • uploads blocked by front-end WAF
  • magic-byte validation enforced
  • no direct file serving of upload dir
Trust signals
  • Cites 10 documented bypass techniques with real paid bounty examples
  • Includes magic-byte reference table and ImageMagick/FFmpeg SSRF payloads
  • Covers polyglot files (valid as both JPEG and PHP)