https://az0th.it/web/upload/ Recent content in File Upload on MrAzoth Hugo -- 0.154.5 en-us Tue, 24 Feb 2026 00:00:00 +0000 https://az0th.it/web/upload/060-upload-file-upload-bypass/ Tue, 24 Feb 2026 00:00:00 +0000 https://az0th.it/web/upload/060-upload-file-upload-bypass/ <h1 id="file-upload-bypass">File Upload Bypass</h1> <blockquote> <p><strong>Severity</strong>: Critical | <strong>CWE</strong>: CWE-434 <strong>OWASP</strong>: A03:2021 – Injection / A04:2021 – Insecure Design</p> </blockquote> <hr> <h2 id="what-is-file-upload-bypass">What Is File Upload Bypass?</h2> <p>File upload vulnerabilities occur when an application accepts user-uploaded files without adequate validation, allowing attackers to upload and execute malicious code or access sensitive files. The attack impact scales from stored XSS to full server compromise depending on execution context.</p> <pre tabindex="0"><code>Upload Vector → Bypass Filter → Store File → Trigger Execution ↑ ↑ ↑ ↑ multipart extension web root, direct access, PUT API MIME type readable LFI include, avatar content sig path image proc, import size predictable PHAR trigger </code></pre><hr> <h2 id="discovery-checklist">Discovery Checklist</h2> <p><strong>Phase 1 — Enumeration</strong></p> https://az0th.it/web/upload/062-upload-xxe-binary-formats/ Tue, 24 Feb 2026 00:00:00 +0000 https://az0th.it/web/upload/062-upload-xxe-binary-formats/ <h1 id="xxe-via-binary-formats-docx-xlsx-svg-odt">XXE via Binary Formats (DOCX, XLSX, SVG, ODT)</h1> <blockquote> <p><strong>Severity</strong>: High–Critical | <strong>CWE</strong>: CWE-611 <strong>OWASP</strong>: A05:2021 – Security Misconfiguration</p> </blockquote> <hr> <h2 id="what-is-xxe-via-binary-formats">What Is XXE via Binary Formats?</h2> <p>XML External Entity injection isn&rsquo;t limited to endpoints that explicitly accept XML. Many modern file formats are ZIP archives containing XML files — Office Open XML (DOCX, XLSX, PPTX), OpenDocument (ODT, ODS), EPUB, JAR/WAR — and are processed server-side by import features, preview generators, or document converters. Any of these can trigger XXE if the server-side XML parser has external entities enabled.</p> https://az0th.it/web/upload/061-upload-zip-slip/ Tue, 24 Feb 2026 00:00:00 +0000 https://az0th.it/web/upload/061-upload-zip-slip/ <h1 id="zip-slip--archive-path-traversal">Zip Slip / Archive Path Traversal</h1> <blockquote> <p><strong>Severity</strong>: Critical | <strong>CWE</strong>: CWE-22, CWE-434 <strong>OWASP</strong>: A04:2021 – Insecure Design</p> </blockquote> <hr> <h2 id="what-is-zip-slip">What Is Zip Slip?</h2> <p>Zip Slip is a directory traversal vulnerability in archive extraction logic. When an archive contains a file with a path like <code>../../webroot/shell.php</code>, insecure extraction code writes the file <strong>outside the intended target directory</strong> — overwriting arbitrary files and enabling RCE via webshell drop.</p> <p>Affected archive formats: <strong>ZIP, TAR, GZ, TAR.GZ, BZ2, TGZ, AR, CAB, RPM, 7Z, WAR, EAR, JAR</strong> (any format that supports subdirectories in file entries).</p>