reparto wrote:Aren't the regex functions in PHP essentially acting as a wrapper for the c standard library? If so then I don't think there is anything you can do
EDIT:
You could try putting a null byte in the filename (i.e. filename.php\0.ext) not sure if the file will upload properly
Yeah I have no doubt that the regex works properly, but there might be some "trick" to going around it ^^.
Yeah already tried with null byte : ( ... didn't work.
did u try using an extension not recognized by regex , well I understand well php but not regex what I mean is the following trick
file.php.blablablah , apache doesn t recognize .blablablah extension so it will move away in the name looking for an extension that he knows , not sure if this help, hope it will or at least give another idea
scatter wrote:did u try using an extension not recognized by regex , well I understand well php but not regex what I mean is the following trick
file.php.blablablah , apache doesn t recognize .blablablah extension so it will move away in the name looking for an extension that he knows , not sure if this help, hope it will or at least give another idea
hmm not sure
I have tried another random extension though, and it just treated it as text.
But yeah, one option I have been considered a lot is the possibility of an alternative extension that they missed.
Although I think they actually covered it all unfortunately : P
On Apache servers (and possibly others, I am not sure how widely adopted it is) there is a scripting language available known as server side includes, its commonly used as an alternative to:
It also has other functions such as providing some access to a command line (same permission level as the server i think) and you can print system variables and run CGI scripts. Obviously this can leave a gaping security hole and I wouldn't be surprised if most server have it turned off since I can't see why you would use it.
I just remembered I asked about .shtml here but now I came up with a new question. What do you think of SSI (server side include). on google I found many think its a rare vuln but by talking to some people they said they encountered it many times so what do u think about it?