Tampering data we use it when we have access to the admin panel. Then we try to upload our shell but it doesn't allow it to upload the shell as extension .php or .asp Then we are not able to deface it. In that case we use Data Tampering to upload our shell and make it perfectly executable. By Data Tampering we can change the file extension by the Add on of the Firefox called ” Data Tamper ".
Things required for Data Tampering
So lets start
- First of all install the Data Tamper add on in FireFox. Then login to the site where you want to upload shell.
- Go to the place where you can upload the image. In my case it is in the product category>edit product.
- Now click on Browse>select your shell location ( Must be in .jpg, .png, .gif ) like anything.jpg before clicking the upload button open the Data Tamper and click on start tamper then click on upload the image. You will get the pop up click on Tamper.
- After that You will get the Post Data in the right column copy that all and paste that in the Note-Pad. now look for the extension of your file name in my case that is ” .gif ” and it is on the last line change that with .php and copy that all and paste that in the Post Data and click on Now copy the location of your shell and you will see that the extension has been changed to php.
Now open your shell and deface the site . I hope this tutorial will be useful for you and don’t forget to share it.