How I found Command Injection via Obsolete PHPThumb

Note:-

Steps To Reproduce:

Error Page
uname -a
ls -la
cat etc/passwd

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sushant Kamble

Sushant Kamble

|Security Research| Bug Hunter| Bugcrowd| Hackerone| CTF Player |BlackHat🎩| CEH| CCNA| CCNP|MCSC|