🔏
roguebook
  • group
    • Web
      • Concepts
      • OAuth 2.0
      • File upload
    • Android
      • Getting Started
      • Intent Attack Surface
      • Broadcast Receivers
      • Android Permissions
      • Android Services
      • Content and FileProvider
      • WebView & CustomTabs
      • Insecure Storage
      • Tips & Tricks
    • Thick Client
      • Lab Setup
      • Information Gathering
      • Traffic analysis
      • Insecure Data storage
      • Input validation
      • DLL hijacking
      • Forensics
      • Extra resources
    • Blue Team
      • Tools
      • Malware Analysis
        • Basic Static Analysis
    • OSINT
      • OpSec
    • Binary Exploitation
      • Assembly
    • Bug Bounty
      • Recon
        • Dorking
          • SSL Checker
        • Wordlists
          • Twitter wordlist suggestions
      • Tips & Tricks
        • Combined
        • CSP Bypasses & open redirect
        • 403 Bypass
        • Arrays in JSON
        • Open Redirect
        • Next.js Application
        • Locla File Read
        • External Link
        • xss bypass
      • Talks/Interviews/Podcasts
        • Bug Bounty Talks
        • Podcasts
          • Critical Thinking - Bug Bounty Podcast
            • Learning
    • Malware Development
    • Infographics
Powered by GitBook
On this page
  • Tools:
  • YesWeHack File upload series:
  1. group
  2. Web

File upload

File upload testing.

PreviousOAuth 2.0NextAndroid

Last updated 2 days ago

Tools:

  • can be useful for creating malicious PDFs.

  • can also be used for generating PDFs which will notify if any interactions happens.

YesWeHack File upload series:

I think it's one of the best written 2 part series for testing file upload functionalities

Malicious PDF generator
canary token
https://blog.yeswehack.com/yeswerhackers/exploitation/file-upload-attacks-part-1/
https://blog.yeswehack.com/yeswerhackers/file-upload-attacks-part-2/