Uploading dangers

[ayu]

Since we have been talking about file uploading vulnerabilities pretty recently.
Here is my article about my work around that specific area.

http://blog.alcor.se/index.php/2014/08/ ... g-dangers/" onclick="window.open(this.href);return false;

[maboroshi]

Interesting article. Actually pretty awesome, good work

[ayu]

Interesting article. Actually pretty awesome, good work

Thanks

[scatter]

Nice one cats but we still couldn't solve this one http://code.suck-o.com/42565" onclick="window.open(this.href);return false; , I think this close to perfection

[ayu]

Nice one cats but we still couldn't solve this one http://code.suck-o.com/42565" onclick="window.open(this.href);return false;" onclick="window.open(this.href);return false; , I think this close to perfection

Good that you reminded me.
Will take it with me to the office today and see if we can figure out how to break it.

[scatter]

thx coz even if it's just from a training material but I spent days trying to figure out a way but yet every time I remember it gives me headache :p

[scatter]

Ha finally bypassed shell.php%00.jpg the only thing it need is null bytes >.<

[ayu]

Ha finally bypassed shell.php%00.jpg the only thing it need is null bytes >.<

Hmm that's strange.
That's an old vulnerability and was patched 3 years ago.
What version of PHP are you on?

[scatter]

using PHP 5.4.4

[ayu]

using PHP 5.4.4

That's odd and interesting.
I'll take a look at that and see if it indeed still works in some cases.

[ayu]

Well my version is newer than yours ( PHP/5.5.9-1ubuntu4.3).
But it should have been patched in your version as well, so it's odd.
Either way I can't reproduce it locally.

As expected I only get a file named "test.php%00.jpg" that will be handle as a normal jpg.