You are performing a web application penetration test for a client that uses a custom content management system (CMS). During the initial reconnaissance, you identify that the CMS has a file upload feature that accepts JPEG images. You suspect that the application may be vulnerable to unrestricted file upload, allowing you to upload a malicious PHP script to gain remote code execution. However, the application validates file extensions and checks the MIME type of the uploaded file. You have access to Burp Suite and a Python environment. Which of the following approaches is most likely to successfully bypass the file upload restrictions and achieve remote code execution?
Polyglot files can pass MIME type checks while containing executable code.
Why this answer
Option B is correct because appending PHP code to a valid JPEG image (polyglot) can bypass MIME type checks and extension filters if the application only inspects the magic bytes. Option A is wrong because changing the extension to .php.jpg will likely be rejected by the extension whitelist. Option C is wrong because curl's --data-binary is not designed for file upload with multipart/form-data. Option D is wrong because base64 encoding the payload does not change the content type and will still be detected as PHP.