Upload a PHP webshell by spoofing the MIME type to bypass the extension filter.
// Tools required
Browser, Burp Suite, curl
// Step-by-step walkthrough
1. Attempt a direct upload
Try uploading a .php file directly. The server rejects it — there's an extension blacklist in place.
Error: "Only image files are allowed." This is the filter to bypass.
2. Spoof the Content-Type header
Intercept the upload request in Burp. In the multipart file part, change the Content-Type from application/x-php to image/jpeg while keeping the .php extension (or use .php.jpg). The server validates the declared header, not the actual file content.
Command / Input
Content-Type: image/jpeg
Filename: shell.php
3. Execute and read the flag
After a successful upload, access the file via its URL. The server executes PHP even though the content type was spoofed.
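The weakness in steps 1 to 3 is that the filter trusts a client-controlled header. The following is an added example, not code from the walkthrough or from the target application: it places the header-only check that step 2 defeats beside a hardened validator that applies an extension allowlist on the final extension, sniffs the file's magic bytes, requires extension, sniffed type and declared type to agree, and refuses image data containing a PHP open tag. The sample uploads, the signature table and the allowlist are constructed for the demonstration.

```python
"""Upload validation: the header-only check the walkthrough bypasses, next to a hardened check."""
import os
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed allowlist: magic bytes of the image types the application accepts.
MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
# Constructed allowlist: permitted final extensions and the content type each implies.
ALLOWED_EXT = {".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png", ".gif": "image/gif"}


@dataclass
class Verdict:
    accepted: bool
    reason: str


def sniff(data: bytes) -> Optional[str]:
    """Return the image type implied by the leading bytes, or None if no signature matches."""
    for mime, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return mime
    return None


def header_only_check(filename: str, content_type: str, data: bytes) -> Verdict:
    """The weak check from the walkthrough: trusts the client's declared Content-Type."""
    if content_type.startswith("image/"):
        return Verdict(True, "declared content type is an image")
    return Verdict(False, "Only image files are allowed.")


def hardened_check(filename: str, content_type: str, data: bytes) -> Verdict:
    """Validate by final extension, sniffed bytes and declared type together."""
    # 1. Allowlist on the last extension only, after dropping any directory part.
    #    shell.php.jpg passes this step and is caught by the content check below.
    _, ext = os.path.splitext(os.path.basename(filename))
    ext = ext.lower()
    if ext not in ALLOWED_EXT:
        return Verdict(False, f"extension {ext!r} not in allowlist")
    # 2. The bytes must start with a known image signature.
    sniffed = sniff(data)
    if sniffed is None:
        return Verdict(False, "content does not match any allowed image signature")
    # 3. Extension, sniffed type and declared type must all agree.
    if sniffed != ALLOWED_EXT[ext]:
        return Verdict(False, f"content is {sniffed} but extension implies {ALLOWED_EXT[ext]}")
    if content_type != sniffed:
        return Verdict(False, f"declared {content_type} but content is {sniffed}")
    # 4. Polyglot defence: a valid image header followed by a PHP open tag is still rejected.
    if b"<?php" in data or b"<?=" in data:
        return Verdict(False, "PHP open tag found inside image data")
    return Verdict(True, "ok")


def storage_name(ext: str) -> str:
    """Never reuse the client's filename: store under a random name with the allowlisted extension."""
    if ext.lower() not in ALLOWED_EXT:
        raise ValueError("extension not allowed")
    return secrets.token_hex(16) + ext.lower()


# Constructed sample uploads (filename, declared Content-Type, body). The PHP bodies
# contain only an echo, enough to exercise the checks.
SAMPLES = {
    "real_jpeg": ("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    "spoofed_php": ("shell.php", "image/jpeg", b"<?php echo 'not an image'; ?>"),
    "double_ext": ("shell.php.jpg", "image/jpeg", b"<?php echo 'not an image'; ?>"),
}


def evaluate(check) -> dict:
    """Run one validator over every sample and report which uploads it would accept."""
    return {name: check(*args).accepted for name, args in SAMPLES.items()}


if __name__ == "__main__":
    for name, check in (("header-only", header_only_check), ("hardened", hardened_check)):
        print(name, evaluate(check))
```

The header-only validator accepts all three samples, which is exactly what the spoofed request in step 2 relies on; the hardened validator accepts only the genuine JPEG. Content validation is one layer: the upload directory should also be served with script execution disabled (or kept outside the web root), so that a file slipping past the filter is still returned as static data rather than run as in step 3.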