File Upload Vulnerability
A, client check
The title is the first to see the client-side validation
BURP with packet capture, because it is the client's test, directly to the file suffix caught package .png into .php
After sending bypass find success, successful upload
二、MIME type
MIME type Burp tools to help or to use
The content type into a png file header file header
Nothing else needs to change, click Send you will find that file uploaded successfully, MIME bypass success