I have just started my career in infosec. I was trying to learn RCE through malicious file upload. I am against a JSP application. The application is accepting the JSP file from the image logo by using a null byte, but after going to the location of the uploaded file I am not getting the exact path. The path is like:
http://example.com/getuserlogo?id=somthing. I have crawled the complete application, but didn’t get anything.
Is there any other way to find out the path? Please suggest.
sometimes you can something from there
If you have a local instance of the app or access to the app’s backend, you will see where the files are uploaded to.
Perhaps uploading an image, then viewing the location of the image when it’s re-presented to you to view, would be a good place to start looking.
You could check online whether there is documentation regarding uploading files with the application you are testing.
You could also find the location for a valid ID, check the file name and then see if that file is referenced in any other part of the application.