What file can be uploaded to a web app built on the Django framework if it allows unrestricted file upload? When I uploaded a shell.py, it was simply rendered as text in the browser, but HTML and JavaScript execute fine.
1 Answer
0
If you can execute that file when Django renders it, maybe you can first try `os.system("whoami")`, and then you can change that for a cmd and pass commands by calling that file from your browser/Burp/curl. If it accepts any file, it's really easy.

Jose Sakuda
What extension should the file be? .py? – Subo Jun 10 '22 at 07:03
In this case .py, because you need to do: `import os; os.system("whoami")` – Jose Sakuda Jun 10 '22 at 16:02
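
On the defensive side of the behaviour described in this thread (uploaded HTML and JavaScript being rendered by the browser, while a .py file is only shown as text), the following is an added example, not code from any poster here: a plain-Python upload policy that a Django view could call before saving and when serving a file. The allowlist, the function names and the header choices are assumptions of this example.

```python
import os
import secrets

# Assumed policy for this example: only these extensions are accepted, and
# each maps to the single Content-Type the server will ever send for it.
ALLOWED = {
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".pdf": "application/pdf",
    ".txt": "text/plain; charset=utf-8",
}

class RejectedUpload(ValueError):
    """Raised when an uploaded filename fails the allowlist."""

def stored_name(client_filename: str) -> str:
    """Return a server-chosen name, or raise if the extension is not allowed."""
    # Drop any directory part the client sent (both separator styles).
    base = os.path.basename(client_filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise RejectedUpload(f"extension {ext!r} is not allowed")
    # A random name means the client-controlled name never reaches the disk.
    return secrets.token_hex(16) + ext

def download_headers(name: str) -> dict:
    """Headers for serving a stored upload so the browser never renders it."""
    ext = os.path.splitext(name)[1].lower()
    return {
        "Content-Type": ALLOWED.get(ext, "application/octet-stream"),
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{name}"',
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }

def check(client_filename: str) -> str:
    """Constructed helper: 'accepted' or 'rejected' for a sample filename."""
    try:
        stored_name(client_filename)
        return "accepted"
    except RejectedUpload:
        return "rejected"

if __name__ == "__main__":
    # Constructed sample filenames, including the types from the question.
    for sample in ["shell.py", "page.html", "x.js", "photo.JPG", "../../a.png"]:
        print(sample, "->", check(sample))
```

Serving uploads from a separate origin that holds no session cookies complements these headers, since a file that does get rendered there cannot act on the application's origin.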