file upload injection

Technically, you don't have to use an interceptor to change the file's extension. I do it because it looks cooler.

As a developer these videos are incredibly useful to me so I know what to look out for!

You know that real serious things go off when Loi says Game Over twice.

you only the best teaching of ethical hacking in youtube channel without expecting money from viewers

What a timing of vdo I was practicing this attack today in the morning. The only difference is I made payload using weevely
Security Tip: To mitigate this kind of attack check the file type on client side and also on server side

there is no 100% secure server when loi turns on the foxy proxy😎👌

Hi, am really interested in bug bounty. I’m a beginner. Can you please tell me where to start or what I need to study. Thank you and your great. I really enjoy your videos. 🙏

I'm new to learning about hacking but I just wanted to say that I think you are a wonderful teacher.

Iam from india .iam praying the god to get your channel to 1 million subscribers .i subscribed your channel with 22 different gmail accounts .

Loi liang yang please I need your help what should I do whenever I log onto my computer everyday a cmd promo always pops up really fast with no letters in it also on my discord my account just keeps sending random sketchy fishing links to my friend that I didn’t even send what should I do idk if my account or whole computer has been compromised

If we are using a third party service for file storage then we dont have to worry about these attacks right?. Like azure blob storage

how else can we prevent this type of hacking technique?

Hi , I remember that you made a video about 5 signs that your computer is hacked. Coud you make another tutorial on how to remove a hacker from computer?

Changing extension also helpful I read in book such give the script.php to image.img

Sir how to hack someone's whatsapp without taking his phone

I really enjoy sir to see your video ❤

Can you please help us know that how can we secure ourselves from this attack

I love watching this kind of stuff even I don't understand.

I am not hacker but I love hacking things....
Love you from Bangladesh

your my best

will your course on udemy include encryption and bypassing av runtime?

I am a new in this world of hackers I need to learn many things but I have time for it I from egypt

Sir. Help me my wifi adapter not working in kali but wifi is show by installing wifi driver. What i should do. Please help

Hai loi please make an video about how to setup an virtual environment (including servers , client machines, etc..) for practice hacking.

in the intro i thought i was getting messaged

You can also use p0wny shell

Hey can you plzz tell me any software for emoji remover plzzzzz

tell something about pegasus

Dude! Such an excellent explanation ! Thank you so much :)

please make video on Israeli surveillance software 'Pegasus' ? just to head start.

I love this channel..

loi sir thanks for teaching me this ...!!!!!

What if the web application does not check the file content type or the code in it; but the server side filter the file extensions ; and also when you upload a picture anything before .jpeg or .png is given a random name
Even if it pic.php%00.png => randomname.png so it will not be executed
Even if I changed the content type to application/x-php nothing is executed
What do you suggest ?

What if i only accept image with jpg png image?

Why u don't use a proxy chaining

What if they close the tab? And as dumb as it sounds can you do alot when you get access to the computer in metasploit?

How to decrypt file .gujd pls help mee

sir can you say about pegasus spyware

BRRRRRRRRRRRRRROOOOOOOOOOOOOOOOOOO MOST SITES HAVE RESTRICTIONS OMLLLLLLLL

Consistency at peek..

Please make a vlog on Pegasus.

Sir, may I know what is your keyboard? Thanks!

But what if you upload a photo that is a payload...

i gotta ask a question the website where you try exploitation, can we also try to exploit the same website like you do

we love you from Madagascar

does it work only in local ?

Mr. Loi as a developer how can i prevent this in my web sites?

do cybersecurity professionals require competitive coding?

You are best forever

Love from India !!! ❤️

Can you please make video on hacking any purchase software totally free from any old website

Great, Tanx!

What if I can upload the .php file but it don't know where it is being saved is it still exploitable or not

Is this work too in "termux " ?

mv: cannot move 'hackercra.php' to './desktop/craloireverseshell.php': No such file or directory why ?

Game over

Uh are always GOD , sir 🙏❤️

Love your work..

dang your upload daily lolol haah

Hacker ❤️

Why not just change the extension of the PHP file to PHP3 then upload it instead of intercepting the upload request to do that??

can admins of the server or who is protecting the web app detect us after uploading?

My cpanel is hacked .I cannot enter into my cpanel .How can I fix this problem?

I reallllllllly like this video, TNX

Sir i want learn hacking so how to do what do

Does the server have to run on php for this payload to work?

I didnt understand this its just upload the virus? Or i should do somthing?

Hello, please I need help from you, sir, someone collected money from my sister and we can't see the person again. What tools can you recommend to track the person through his phone number

Finally a new video 😁

Hi sir , is m1 macbook is good for hacker or developer

I want to buy your course on Udemy, but there is no Arabic translation for the course

This guy actually has 404k subs 😂 no glitches in the matrix so far 😌

why are you screaming on the thumbnail?

Big fan sir

How about tamper data for jpg/png?
I cant upload the php file

Hello sir,
Can u make a tutorial to install bwapp
I clicked install
It shows error when I click install
Most people say to create a data base I don't have idea to what to do
Please can you make a A-z tutorial on that topic

作为一名中国人 我认为你的作品没有一点技术含量wbe0.3的网络时代你在这里演示上传漏洞?

Love it

Almostly your solutions are useless, the solution is to make a separate servers depending on their needs, such as : a server for file handling (upload/download) and whatever the user upload the server will not execute it, just stream it as it's , and an example of that is AWS S3. And the other servers for other needs too , email server alone, and server side rendering , API servers, ... ,By this way the service have a great control and smooth maintenance and cost effective and scalability too.

Hello can you learn me please

Thank you ling ling

Boy and girl and human

Hi

do you have any video or tutorial available for downloading WebGoat on mac? I can’t seem to figure it out...

Yoo

brother, can i create a jpg file which van transform to a php after minutes

This contenet is too much to be free

this channel has taught me to be scared of literally everything on the internet

H ❤️ sir 👍

Sir give a tutorial about DDOS

1st

5th

Teach me how to ethically hack your website?

First lol love the content