file upload injection
- Published: 18 Sep 2024
- // Membership //
Want to learn all about cyber-security and become an ethical hacker? Join this channel now to gain access into exclusive ethical hacking videos by clicking this link: / @loiliangyang
// Courses //
Full Ethical Hacking Course: www.udemy.com/...
Full Web Ethical Hacking Course: www.udemy.com/...
Full Mobile Hacking Course: www.udemy.com/...
// Books //
Kali Linux Hacking: amzn.to/3IUXaJv
Linux Basics for Hackers: amzn.to/3EzRPV6
The Ultimate Kali Linux Book: amzn.to/3m7cutD
// Social Links //
Website: www.loiliangya...
Facebook: / loiliangyang
Instagram: / loiliangyang
LinkedIn: / loiliangyang
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.
Technically, you don't have to use an interceptor to change the file's extension. I do it because it looks cooler.
Hello, I love your videos. Can you also do a DDoS attack video?
You are officially cool 😏
If the web application is checking the file type on the client side, then you need to intercept the request.
🔥
Hi, I was wondering if you could teach me these skills. I am currently doing cyber security and pursuing it. I am in the 9th grade and really want to learn. My goal is to be a pentester in the future. I've done CyberPatriot for 3 years now and I really want to learn. Thanks in advance.
As a developer these videos are incredibly useful to me so I know what to look out for!
Uhm, I hope every developer knows to check file extensions server-side
@ellixt4187 I hope they do too, but these weaknesses exist because sometimes these things get overlooked. That's why these videos can be really informative to developers that are learning/starting out!
Same bro
You know that real serious things go off when Loi says Game Over twice.
You are the only one teaching ethical hacking this well on a YouTube channel without expecting money from viewers
What timing for this video! I was practicing this attack today in the morning. The only difference is I made the payload using weevely
Security Tip: To mitigate this kind of attack, check the file type on the client side and also on the server side
there is no 100% secure server when loi turns on the foxy proxy😎👌
Hi, I am really interested in bug bounty. I’m a beginner. Can you please tell me where to start or what I need to study? Thank you, and you're great. I really enjoy your videos. 🙏
I'm new to learning about hacking but I just wanted to say that I think you are a wonderful teacher.
I am from India. I am praying to God to get your channel to 1 million subscribers. I subscribed to your channel with 22 different Gmail accounts.
Bruh, you just decreased the growth rate of the channel
@dr40xer yes, really
@naveenreddynaveenreddy7322 ya, if anyone searches for one channel and subscribes with multiple accounts, the reach of the channel decreases. It happened with my channel
Loi Liang Yang, please, I need your help. What should I do? Whenever I log onto my computer every day, a cmd prompt always pops up really fast with no letters in it. Also, on my Discord, my account just keeps sending random sketchy phishing links to my friend that I didn’t even send. What should I do? Idk if my account or whole computer has been compromised
If we are using a third-party service for file storage, then we don't have to worry about these attacks, right? Like Azure Blob Storage
how else can we prevent this type of hacking technique?
Sir how to use websites vulnerability to hack
disconnect wifi pro
Define a size for uploading files
Whitelist image file types
I think Deep Content Disarm and Reconstruction
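The size limit and image allowlist suggested in the replies above, combined with a content check and a server-chosen filename, as a server-side check in Python. This is an added example, not code from the video or from any commenter; the 2 MiB cap, the function names and the sample inputs are assumptions.

```python
import secrets

MAX_BYTES = 2 * 1024 * 1024  # assumed cap (2 MiB); pick what the application needs
# Allowlist: canonical extension -> magic bytes the file must start with
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff", "gif": b"GIF8"}
ALIASES = {"jpeg": "jpg"}


class UploadRejected(ValueError):
    """Raised when an upload fails a server-side check."""


def validate_upload(client_name: str, data: bytes) -> str:
    """Return a server-chosen storage name or raise UploadRejected.

    The client-supplied Content-Type is deliberately not an input: the
    client controls it, so it proves nothing.
    """
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    if "\x00" in client_name:
        raise UploadRejected("NUL byte in filename")
    # Only the final extension is considered; everything before it is discarded.
    _, dot, ext = client_name.rpartition(".")
    ext = ALIASES.get(ext.lower(), ext.lower())
    if not dot or ext not in MAGIC:
        raise UploadRejected("extension not on allowlist")
    if not data.startswith(MAGIC[ext]):
        raise UploadRejected("content does not match extension")
    # Random stored name: no client-controlled text (such as ".php") survives.
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(client_name: str, data: bytes) -> bool:
    try:
        validate_upload(client_name, data)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    png = MAGIC["png"] + b"\x00" * 16   # constructed sample inputs
    script = b"<?php /* constructed placeholder */ ?>"
    for name, body in [("cat.png", png), ("shell.php", script),
                       ("shell.php3", script), ("a.php.jpg", script),
                       ("a.php.jpg", MAGIC["jpg"] + b"\x00" * 8)]:
        print(f"{name!r:14} accepted={is_accepted(name, body)}")
```

The magic-byte check does not stop a valid image that also carries script text; what prevents execution is the allowlisted stored extension together with serving uploads from a location that never runs them.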
Hi, I remember that you made a video about 5 signs that your computer is hacked. Could you make another tutorial on how to remove a hacker from a computer?
Changing the extension is also helpful, I read in a book, such as giving script.php the name image.img
Sir how to hack someone's whatsapp without taking his phone
Please sir make it
No
I really enjoy sir to see your video ❤
Can you please help us know that how can we secure ourselves from this attack
I love watching this kind of stuff even I don't understand.
Bruh
@dr40xer as of now I'm still learning C# that's I don't really understand what he's doing.
why*
@febbriandonguila2077 it's good. I learnt Python and now I am learning ethical hacking
@febbriandonguila2077 in easy words, he made a backdoor using msfvenom and kept the extension .php and just uploaded a backdoor to the website, and he was listening for incoming connections using Metasploit, and after that he opened the backdoor and he got access to the website admin terminal (idk all about it bcz I am a newbie 😅)
👉👈
I am not hacker but I love hacking things....
Love you from Bangladesh
you're my best
will your course on udemy include encryption and bypassing av runtime?
I am new in this world of hackers. I need to learn many things but I have time for it. I am from Egypt
Sir, help me. My wifi adapter is not working in Kali, but wifi is shown after installing the wifi driver. What should I do? Please help
Hi Loi, please make a video about how to set up a virtual environment (including servers, client machines, etc.) for practicing hacking.
in the intro i thought i was getting messaged
You can also use p0wny shell
Hey can you plzz tell me any software for emoji remover plzzzzz
tell something about pegasus
Dude! Such an excellent explanation ! Thank you so much :)
please make video on Israeli surveillance software 'Pegasus' ? just to head start.
I love this channel..
loi sir thanks for teaching me this ...!!!!!
What if the web application does not check the file content type or the code in it, but the server side filters the file extensions, and also when you upload a picture anything before .jpeg or .png is given a random name
Even if it is pic.php%00.png => randomname.png, so it will not be executed
Even if I changed the content type to application/x-php nothing is executed
What do you suggest ?
What if I only accept jpg and png images?
Upload as a.php.jpg
@ohhmypenniereview8505 does it really work?
@Mohta69 use some malicious php payloads
It works
Why u don't use a proxy chaining
What if they close the tab? And as dumb as it sounds, can you do a lot when you get access to the computer in Metasploit?
How to decrypt file .gujd pls help mee
sir can you say about pegasus spyware
BRRRRRRRRRRRRRROOOOOOOOOOOOOOOOOOO MOST SITES HAVE RESTRICTIONS OMLLLLLLLL
Consistency at peak..
Please make a vlog on Pegasus.
Sir, may I know what is your keyboard? Thanks!
But what if you upload a photo that is a payload...
I gotta ask a question: the website where you try exploitation, can we also try to exploit the same website like you do?
we love you from Madagascar
does it work only in local ?
Mr. Loi, as a developer, how can I prevent this in my websites?
do cybersecurity professionals require competitive coding?
No
No you’re better off having a good HTB/THM rank.
You are best forever
Love from India !!! ❤️
Can you please make video on hacking any purchase software totally free from any old website
Great, Tanx!
What if I can upload the .php file but I don't know where it is being saved? Is it still exploitable or not?
Does this work in "Termux" too?
mv: cannot move 'hackercra.php' to './desktop/craloireverseshell.php': No such file or directory why ?
Game over
Uh are always GOD , sir 🙏❤️
Love your work..
dang your upload daily lolol haah
Hacker ❤️
Why not just change the extension of the PHP file to PHP3 then upload it instead of intercepting the upload request to do that??
Your initial file was .php and meterpreter won't recognise your file after you change the extension. Also, there is no way you can change your file's extension after uploading it.
can admins of the server or who is protecting the web app detect us after uploading?
My cPanel is hacked. I cannot get into my cPanel. How can I fix this problem?
I reallllllllly like this video, TNX
Sir i want learn hacking so how to do what do
Does the server have to run on php for this payload to work?
I didn't understand this. Is it just uploading the virus? Or should I do something?
Hello, please I need help from you, sir, someone collected money from my sister and we can't see the person again. What tools can you recommend to track the person through his phone number
Finally a new video 😁
Hi sir, is the M1 MacBook good for a hacker or developer?
Ya, it is good for programming, but you need an OS for running tools, so you need Linux or a Linux with pre-installed tools
@dr40xer yeah that's ok, but how can I run Linux on an M1 MacBook? It does not support virtualization, and Boot Camp is also not supported becoz it's an ARM chipset.......... 😭
@logeshkanna1509 I don't know much about Apple products. It may support VMware or an application like that, or else you can buy a Raspberry Pi
@dr40xer yeah okay, thanks for your info
@logeshkanna1509 np
I want to buy your course on Udemy, but there is no Arabic translation for the course
This guy actually has 404k subs 😂 no glitches in the matrix so far 😌
why are you screaming on the thumbnail?
Big fan sir
How about tamper data for jpg/png?
I can't upload the php file
Hello sir,
Can u make a tutorial to install bWAPP
I clicked install
It shows error when I click install
Most people say to create a database. I don't have any idea what to do
Please can you make an A-Z tutorial on that topic
As a Chinese person, I think your work has no technical content at all. In the web0.3 internet era, you are here demonstrating an upload vulnerability?
These exploits still exist, you gotta know where to look
Love it
Almost all your solutions are useless. The solution is to make separate servers depending on their needs, such as a server for file handling (upload/download), where whatever the user uploads, the server will not execute it, just stream it as it is; an example of that is AWS S3. And the other servers for other needs too: email server alone, server-side rendering, API servers, ... This way the service has great control, smooth maintenance, cost-effectiveness, and scalability too.
Hello can you learn me please
Thank you ling ling
Boy and girl and human
Hi
do you have any video or tutorial available for downloading WebGoat on mac? I can’t seem to figure it out...
Yoo
Brother, can I create a jpg file which can transform to a php after minutes?
Yes try with abc.php.jpg
@ohhmypenniereview8505 but is there a tool or something to create it?
This content is too much to be free
this channel has taught me to be scared of literally everything on the internet
H ❤️ sir 👍
Sir give a tutorial about DDOS
1st
5th
Teach me how to ethically hack your website?
First lol love the content