Picture Perfect Exploit: How Image Uploads Turned Into Shell Access
Summary: A researcher uploaded an image containing malicious code to an unauthenticated upload endpoint, achieved remote code execution (RCE), obtained a reverse shell and filed a vulnerability report, ultimately earning a four-figure bounty. 2025-8-7 05:6:26 Author: infosecwriteups.com

Iski


Hey there!😁

[Image by Perplexity AI]

They say a picture is worth a thousand words… but in my case, it was worth a reverse shell, a critical report, and a four-digit bounty.

Also me, two weeks before that: “Ugh, another upload endpoint? Probably just rejects everything except .jpeg and .png. Boring.”

Also me, two weeks after that: “Bro, I just got RCE by uploading a selfie with an evil surprise inside.”

Let’s dive in. 👇

I was scanning subdomains of a fintech company that shall not be named (but rhymes with “MoneyShmash”) using my usual combo:

subfinder -d target.com | httpx -status-code -title -tech-detect

One endpoint caught my eye:

https://media-upload.moneyshmash.com/api/v2/upload/image

With a Content-Type: multipart/form-data and Swagger docs that whispered sweet things like:

{
"file": "(binary)"
}

Oh yes. A direct image upload endpoint. No auth. No CSRF. Time to tango. 🕺
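The endpoint described above accepts a multipart file with no authentication and, as the rest of the write-up shows, trusts the upload enough to let it reach a code path where it gets executed. The following is an added example, not code from the original post or from the target's API, showing the gate a defender would put in front of such an endpoint: the declared Content-Type, the file extension and the file's magic bytes must all agree, the image container must parse cleanly with nothing appended after its end marker, and the stored filename is generated server-side rather than taken from the client. All function names, limits and the sample files are constructed assumptions. These structural checks are a first filter only; re-encoding the image with an image library, serving uploads from a store that cannot execute anything, and requiring authentication on the endpoint are what actually close the hole.

```python
"""Defensive image-upload validator (added example, stdlib only)."""
import os
import secrets
import struct
import zlib

# Assumed policy: only PNG and JPEG, at most 5 MiB.
ALLOWED = {"image/png": ".png", "image/jpeg": ".jpg"}
MAX_BYTES = 5 * 1024 * 1024
PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _png_is_clean(data: bytes) -> bool:
    """Walk PNG chunks; require valid lengths, an IEND chunk, and no bytes after it."""
    if not data.startswith(PNG_SIG):
        return False
    pos = len(PNG_SIG)
    saw_iend = False
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(data):
            return False
        pos = end
        if ctype == b"IEND":
            saw_iend = True
            break
    # Trailing bytes after IEND are the classic place to hide a payload.
    return saw_iend and pos == len(data)


def _jpeg_is_clean(data: bytes) -> bool:
    """Require SOI first, EOI last, and well-formed segment headers up to SOS."""
    if not (data.startswith(b"\xff\xd8") and data.endswith(b"\xff\xd9")):
        return False
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return False
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: entropy-coded data runs until EOI
            return True
        if marker in (0xD8, 0x01) or 0xD0 <= marker <= 0xD7:
            pos += 2  # standalone markers carry no length field
            continue
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if seg_len < 2:
            return False
        pos += 2 + seg_len
    return False


def validate_upload(declared_type: str, filename: str, data: bytes) -> dict:
    """Decide whether an upload may be stored; never trust the client's name."""
    reject = lambda why: {"ok": False, "reason": why, "stored_name": ""}
    if declared_type not in ALLOWED:
        return reject("type not allowed")
    if len(data) > MAX_BYTES:
        return reject("too large")
    ext = os.path.splitext(filename)[1].lower()
    expected = {".png"} if declared_type == "image/png" else {".jpg", ".jpeg"}
    if ext not in expected:
        return reject("extension/type mismatch")
    checker = _png_is_clean if declared_type == "image/png" else _jpeg_is_clean
    if not checker(data):
        return reject("content does not parse as declared type")
    # Random server-side name with a fixed extension: no .php, no traversal, no collisions.
    stored = secrets.token_hex(16) + ALLOWED[declared_type]
    return {"ok": True, "reason": "", "stored_name": stored}


def _png_chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


# Constructed sample files, not real uploads: a 1x1 PNG, the same PNG with junk
# appended after IEND, a minimal JFIF header, and the JFIF with junk appended.
CLEAN_PNG = (PNG_SIG
             + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + _png_chunk(b"IEND", b""))
POLYGLOT_PNG = CLEAN_PNG + b"<constructed trailing payload marker>"
CLEAN_JPEG = (b"\xff\xd8" + b"\xff\xe0" + struct.pack(">H", 16)
              + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
              + b"\xff\xda" + b"\x00\x02" + b"\xff\xd9")
POLYGLOT_JPEG = CLEAN_JPEG + b"<constructed trailing payload marker>"

if __name__ == "__main__":
    for label, ctype, name, blob in [
        ("clean png", "image/png", "selfie.png", CLEAN_PNG),
        ("png with trailer", "image/png", "selfie.png", POLYGLOT_PNG),
        ("png named .php", "image/png", "selfie.php", CLEAN_PNG),
        ("jpeg with trailer", "image/jpeg", "selfie.jpg", POLYGLOT_JPEG),
    ]:
        print(label, "->", validate_upload(ctype, name, blob))
```

The two parsers deliberately stop at the point where pixel data begins: the goal is not to decode the image but to confirm that the bytes are the container they claim to be and that nothing rides along after the end marker. A file that passes should still be re-encoded before it is served, because metadata segments (EXIF, COM, PNG text chunks) can legitimately hold arbitrary bytes.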


Source: https://infosecwriteups.com/picture-perfect-exploit-how-image-uploads-turned-into-shell-access-473659d49020?source=rss----7b722bfd1b8d---4