SHELL UPLOADING BYPASS FILE RESTRICTION USING TAMPER DATA

SHELL UPLOADING BYPASS FILE RESTRICTION USING TAMPER DATA

Some websites don't allow uploading files other than images so in such a situation shell uploading is a problem because we can't upload any php or asp shell file.So we can upload shell by tempering HTTP headers.
Requirements:
Mozilla Firefox
Tamper Data add-on
Brain smile emoticon
Temper Data: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
Mozilla FireFox: http://www.mozilla.org/en-US/firefox/new/
Open Website's Admin Panel
Change Your Shell Extension to php.jpeg or php.jpg or php.gif
Example :
Shell.php.jpeg or shell.php.jpg or shell.php.gif
Now open your Tamper Data And Click on Start Tampering..
Now goto Upload section` and upload your Shell As shell.php.jpg
Windows Will Pop-UP.
--- Tamper - Submit - Abort REQUEST
Click 0n Tamper
At Your Right Side Copy All Text from POST DATA BOX
Paste All text in notepad..
Now Press CTRL + F, a search Text field will appear in your firefox browser's lower left.
Search For Shell.php.jpg
Edit Your Shell Extension to .php then copy it paste it on post data box And Click On Submit...
Example :
From shell.php.jpg to shell.php smile emoticon
Congrats your shell has been uploaded succesfully.
Now in image gallery where you have uploaded shell, u will see many images.Right click on your shell image
and click on "copy image location". Now paste this url in your browser bar.Your shell will open up for U.
Why do we need Tamper Data:
Tamper Data is used to view / modify HTTP/HTTPS headers and post parameters.So with this adon we will trick web application that we are uploading image file i.e. jpg, gif, png etc. but when file will be transferring through HTTP headers, we will change its extension to shell.php and our shell will be uploaded.This is called HTTP headers tempering.