Say, there's an upload function where users are supposed to upload images only. However, it's possible to upload arbitrary files bypassing the restriction.
Say, I uploaded a shell (aspx) and requested the corresponding resource. As I've read, it's possible to execute such shell code in some scenarios. The server, however, sets the Content-Type response header to image/png.
I also Googled, and found that it's possible to execute PHP code by embedding it directly into a JPEG image. So, my questions are:
- Does the server execute server-side code despite the Content-Type header?
- If not, in what cases is it possible to execute code directly instead of by embedding it inside the image?
- Is there any similar way for aspx code?
Regarding the first question, as it appears to me, isn't it the server that sets the Content-Type header? So, I believed the code should have executed before the page is rendered.
Please help me clear things up.
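
A defensive sketch for the upload scenario described in the question, added here as an example and not part of the original post: the upload handler judges the file by its leading magic bytes and assigns the stored name and extension itself, since web servers typically pick the handler for a request from the path and extension of the requested resource. The function names, the marker list and the sample bytes are constructed for illustration.

```python
import secrets

# Allowlisted image types: leading magic bytes -> extension the server assigns.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}

# Heuristic markers of server-side script embedded in an otherwise valid image
# (compared against lowercased content; an assumption, not an exhaustive list).
SCRIPT_MARKERS = (b"<?php", b"<%@ page", b"<script runat")


class UploadRejected(Exception):
    """Raised when an upload fails validation."""


def detect_image_ext(data: bytes) -> str:
    """Return the extension for an allowlisted image type, judged by content."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    raise UploadRejected("content is not an allowlisted image type")


def safe_stored_name(client_name: str, data: bytes) -> str:
    """Validate an upload and return a server-chosen file name.

    client_name is deliberately never used for naming: the stored extension
    comes only from the detected content type, so "shell.aspx" cannot survive.
    """
    ext = detect_image_ext(data)
    if any(marker in data.lower() for marker in SCRIPT_MARKERS):
        raise UploadRejected("image contains server-side script markers")
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed samples: a real PNG header, an .aspx page, a JPEG/PHP polyglot.
    samples = {
        "shell.aspx": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "page.aspx": b'<%@ Page Language="C#" %>',
        "pic.jpg": b"\xff\xd8\xff\xe0<?php echo 1; ?>",
    }
    for name, body in samples.items():
        try:
            print(name, "->", safe_stored_name(name, body))
        except UploadRejected as err:
            print(name, "-> rejected:", err)
```

Content checks like these are one layer only: the stored files should also live outside the web root or in a directory where script execution is disabled.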