Exploiting File Upload using Null byte

Gupta Bless
4 min readAug 1, 2020

In my previous blog related to FILE upload, I already discussed some basic techniques to bypass whitelisting of file extensions. Now in this blog I am explaining other techniques here like MIME type, NULL byte injection.

MIME type:

Aim: Our aim is to upload PHP code and retrieve password in the file “.passwd”.

there are three tabs in the web application

· defaced

· upload

· pirate



Gupta Bless

Security enthusiast working to secure web for others.