Mirrors/PayloadsAllTheThings
6
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2024-07-05 18:01:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
88d5af0b19
PayloadsAllTheThings/Upload insecure files/Busybox httpd.conf
History
Meatballs1 20c6bb2299
Update httpd.conf
2018-12-14 00:03:50 +00:00
..
httpd.conf Update httpd.conf 2018-12-14 00:03:50 +00:00
README.md Create README.md 2018-12-14 00:02:58 +00:00
shellymcshellface.sh Create shellymcshellface.sh 2018-12-13 23:58:24 +00:00

README.md

If you have upload access to a non /cgi-bin folder - upload a httpd.conf and configure your own interpreter.

Details from Busybox httpd.c

abbf17abcc/networking/httpd.c (L60)

*.php:/path/php # run xxx.php through an interpreter`

If a sub directory contains config file, it is parsed and merged with any existing settings as if it was appended to the original configuration.

Watch out for Windows CRLF line endings messing up your payload (you will just get 404 errors) - you cant see these in Burp :)