Upload_Bypass_v3.0.8-dev

Update v3.0.8 (Major Update for Windows)

Windows Update:
The program was initially designed for Unix-based systems due to potential antivirus triggers when running on Windows hosts, this update addresses this problem.

Changes Made:

1. Anti-Malware Triggering: Removed shell files, they are now stored in config.py as base64-encoded data, they are decoded only when required.
2. Update Push for Windows: Implemented automatic update feature for Windows, updates replace old files with new copies upon download and extraction.
3. Windows Compatibility: Resolved folder creation issue on Windows systems when IP addresses include ports.
4. Improved User Experience: Various enhancements to streamline usability.

Upload_Bypass_v3.0.7-dev

A tiny update:
An HTTP PATCH method is added.

Full Changelog: v3.0.6#dev...v3.0.7#dev

Upload_Bypass_v3.0.6-dev

Fixed issues with the null byte module and the overall code is improved.

Full Changelog: v3.0.5#dev...v3.0.6#dev

Upload_Bypass_v3.0.5-dev

What's Changed

Updates of version 3.0.5:

1. A new module called path traversal was added:
   The path traversal module can bypass .htaccess rules that apply in the current directory by uploading a file in a parent directory using path traversal vulnerability.
2. Fixed some minor issues.

Full Changelog: v3.0.4#dev...v3.0.5#dev

Upload_Bypass_v3.0.4-dev

What's Changed

Updates of version 3.0.4:

1. Fixed the issue with the auto-detect HTTP/s protocol.
2. Code is optimized.

Full Changelog: v3.0.3#dev...v3.0.4#dev

Upload_Bypass_v3.0.3-dev

What's Changed

Updates of version 3.0.3:

1. Added 2 new modules:

• Stripping Extension:
  Severs might strip forbidden extensions, for example .php will be stripped from the filename. Therefore, the program will try to upload filename.p.phphp which results in filename.php

• Discrepancy:
  URL encoding (or double URL encoding) for dots. If the value isn't decoded when validating the file extension, but is later decoded server-side, this can allow to upload malicious files that would otherwise be blocked. Ex: exploit%2Ephp (Front-end) = exploit.php (Back-end)

2. Code is fixed and optimized.
3. Fixed rate limiting issue
4. Fixed a bug in the code and fixed the trailing dot in the file extensions.

Full Changelog: v3.0.2#dev...v3.0.3#dev

Upload_Bypass_v3.0.1-dev

🚀 Updates

Updates of version 3.0.0:

• The code almost written from scratch, utilizes better file parsing and eliminates most of the bugs.
• Modular code! Now you can contribute to the code and add your own modules.
• Introducing 3 different modes, detection, exploitation and Anti_Malware check, choose your weapon!
• New state feature, you can now pause the code and resume from where you left off!
• New UI for an easy view.
• Docker file for an easy deployment.
• Various test files provided for internal testing.
• Debug mode. If you encounter a bug, you can save the stack trace and share it with me for further analysis.

What's Changed

Updates of version 3.0.1:

• Added smart detection feature:
  • Detection mode - If uploaded directory is provided, the program will check if the sample file is rendered as the chosen technology, such as application/x-httpd-php for instance. If it is rendered successfully, the program will ask the user if he/she wants to exploit it as well.
  • Exploitation Mode - If uploaded directory and continue flag is provided, the program will check if the Web-Shell is rendered as the chosen technology, such as application/x-httpd-php for instance. If it is rendered it will enter to an interactive shell, otherwise, it will keep trying.
• Improved Web-Shells.
• Fixed some minor bugs

Full Changelog: v3.0.0#dev...v3.0.1#dev

Upload_Bypass_v3.0.0-dev

🚀 Updates

Introducing version 3.0.0

• The code almost written from scratch, utilizes better file parsing and eliminates most of the bugs.
• Modular code! Now you can contribute to the code and add your own modules.
• Introducing 3 different modes, detection, exploitation and anti_malware check, choose your weapon!
• New state feature, you can now pause the code and resume from where you left off!
• New UI for an easy view.
• Docker file for an easy deployment.
• Various test files provided for internal testing.
• Debug mode. If you encounter a bug, you can save the stack trace and share it with me for further analysis.

Upload_Bypass_v2.0.9-offical

The issue with the HTTPs falling back to HTTP when saving the Burp file without the XML format (Copy to file) is now fixed. Thanks to JIgnoul for noticing and notifying me!

Upload_Bypass_v2.0.8-offical

Anti-Malware Test File (Eicar) is upgraded and improved.