# Web Pentesting

## Methodology

{% embed url="<https://www.youtube.com/watch?v=uKWu6yhnhbQ>" %}

{% embed url="<https://www.youtube.com/watch?v=MIujSpuDtFY&list=PLKAaMVNxvLmAkqBkzFaOxqs3L66z2n8LA>" %}

## Adding a null byte

```
%00
%2500  // %00 after URL-encoding the percent sign
```

## Upload restriction bypass

Adding **FF D8 FF DB** to the file in a hex editor, or adding **GIF89a or GIF87**, may also work.

```
hexeditor  # installed in Kali
```
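
Seen from the server side, both tricks on this page depend on an upload check that trusts the raw filename or the first bytes of the file. The following is an added example, not part of the original notes: a validator that percent-decodes the name until it is stable, rejects NUL and control characters, and requires the extension and the leading signature to agree. The function names and the allowlist are assumptions made for the example.

```python
import os
import secrets
from urllib.parse import unquote

# Assumed allowlist for this example: extension -> accepted leading signatures.
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def fully_decode(name, max_rounds=5):
    """Percent-decode until stable, so %2500 -> %00 -> NUL is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(name)
        if decoded == name:
            return name
        name = decoded
    raise ValueError("filename is percent-encoded too many times")

def validate_upload(client_name, data):
    """Return a server-chosen storage name, or raise ValueError."""
    name = fully_decode(client_name)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        raise ValueError("control or NUL character in filename")
    if "/" in name or "\\" in name:
        raise ValueError("path separator in filename")
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        raise ValueError("extension not allowlisted")
    if not data.startswith(ALLOWED[ext]):
        raise ValueError("signature does not match extension")
    # A matching header says nothing about the rest of the file, so the
    # client's name is discarded and only the allowlisted extension is kept.
    return secrets.token_hex(16) + ext

def verdict(client_name, data):
    """Helper for the samples below: 'accepted' or the rejection reason."""
    try:
        validate_upload(client_name, data)
        return "accepted"
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    gif = b"GIF89a" + b"\x00" * 16  # constructed sample bytes
    for sample in ("a.gif", "a.php%00.gif", "a.php%2500.gif", "a.php"):
        print(sample, "->", verdict(sample, gif))
```

Files accepted this way should still be stored outside any directory where the web server executes content, since a valid signature can sit in front of arbitrary data.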
