[ASK] About Uploading Shell VIA JPG Tamper Data

[galihlprakoso]

Hello Master, I have a problem when i tried to Upload my shell..

I've already uploaded my shell .JPG in to the Site via Tamper Data i've changed it into PHP. The Problem is i don't know the path of that image. The image is exist but can't display because i know that is my shell.

The Problem is the URL of The Image folder is hidden by URL. The URL is not like this "images/name-of-the-image.jpg" but "ImageID=1011" the image is requested by Get system. This website is running in java.

I just want you to help how to see the real path of the Hidden Image folder?
sorry for my bad english. Thanks 

[Kulverstukas]

Well, normally you just check the source or copy an image link... if it's all Java, then you'll need to either sniff it somehow or guess.

[jefrey.sobreira]

Try putting invalid chars on the ImageID parameters. Perhaps the site will throw an error from the server side saying that this file wasn't found for reading (not error 404). However, meaningful errors are more usual in PHP..

[ekevjn]

Try "ImageID=1011/whateveryouwant.php" 
       "ImageID=1011?whateveryouwant.php" 
      "ImageID=1011&whateveryouwant.php"
 Goodluck