Since we have been talking about file uploading vulnerabilities pretty recently, here is my article about my work around that specific area.
http://blog.alcor.se/index.php/2014/08/ ... g-dangers/
Uploading dangers
"The best place to hide a tree, is in a forest"
Re: Uploading dangers
Interesting article. Actually pretty awesome, good work
Re: Uploading dangers
maboroshi wrote:
> Interesting article. Actually pretty awesome, good work

Thanks
Re: Uploading dangers
Nice one cats but we still couldn't solve this one http://code.suck-o.com/42565, I think this is close to perfection
Re: Uploading dangers
scatter wrote:
> Nice one cats but we still couldn't solve this one http://code.suck-o.com/42565, I think this is close to perfection

Good that you reminded me.
Will take it with me to the office today and see if we can figure out how to break it.
Re: Uploading dangers
thx coz even if it's just from a training material but I spent days trying to figure out a way but yet every time I remember it gives me headache :p
Re: Uploading dangers
Ha, finally bypassed: shell.php%00.jpg, the only thing it needs is null bytes >.<
Re: Uploading dangers
scatter wrote:
> Ha, finally bypassed: shell.php%00.jpg, the only thing it needs is null bytes >.<

Hmm that's strange.
That's an old vulnerability and was patched 3 years ago.
What version of PHP are you on?
Re: Uploading dangers
using PHP 5.4.4
Re: Uploading dangers
scatter wrote:
> using PHP 5.4.4

That's odd and interesting.
I'll take a look at that and see if it indeed still works in some cases.
Re: Uploading dangers
Well my version is newer than yours (PHP/5.5.9-1ubuntu4.3).
But it should have been patched in your version as well, so it's odd.
Either way I can't reproduce it locally.
As expected I only get a file named "test.php%00.jpg" that will be handled as a normal jpg.