Ohh, what a technique man! Thanks intigriti 🤩

I have said before on another video i guess .. but u look things looks so easy and simple even though they are not 😁❤️ everytime i watch your videos i think like wow how i didn't get that idea .. learned a new usage of exiftool today from you . thank you so much for the amazing content ❤️❤️

love the qualitiy of your burpsuite content - my sub is here :)

Thanks for your effort!

I had trouble with EXIFTOOL, it would complain if there was anything inside . Instead I edited metadata via Windows Explorer > Right click > Details > Title. After I ran uploaded file, the output looked garbled, but inside it there was a 32 string, which is the same length as the codes in previous labs. I tried it and the code was accepted!

but for better understanding: it is not possible to let the OS execute that comment in the image.png file if we say that the comment is a compiled c binary who do the same as that php file_gets_content function does?

Thanks.

can you make a video about API thank you

Thank you for making such an informative video. I keep having this error on my cmd Error: Error creating file: C:/example.png_exiftool_tmp - C:/example.png 0 image files updated 1 files weren't updated due to errors what could be a good way to fix it?

My php's MIME type is HTML in Burp Suite, but exiftool shows MIME type as image/png.... what am I doing wrong? :(

Nice video!! if a put um reserve shell, its work? tks...

do i need to install exiftool for it's a command any one can help me

Nice video

😍

😊😊

This example doesn't work in real world applications, it only works on your script kiddy testing platforms, the first thing that real world apps process is the file extension, if the file extension is blacklisted, it won't work, if you change the file extension through burp proxy from php to jpg, the code will be uploaded but not executed.