Hi

few days ago i found a site that i could upload a file(jpg,....). i had to encode my shell code and then uploaded,because the site checks files and it can diagnose a content of files.
so I uploaded(by encoding my shell).now i don't know how i can use my shell.is there any way to bypass it?

Hi,

what do you mean by encoding? Something like putting the PHP code of a web shell in base64 encoded form into a GIF or JPEG image and upload that?

If it is supposed to be a pure image file upload, the uploaded files may be saved with an image file extension (like .gif or .jpg) on the server and they will not be parsed for PHP code by the server. An old trick, which really should not work anymore today, is to upload an .htaccess file through the image upload which changes the configuration of the server to treat files with a .gif file extension as PHP files.

If you cannot trick the server into executing the code included in your image file, you have only uploaded a weird image file.