Hi there,
It did indeed create a shell.php file on the filesystem but the file is empty. Do you have the same problem?
shell.php
Elfinder version : 2.1.60
@Bingoyyj It seems that the Windows server treats it as if there is no dot at the end of the file name. However, the control with the extension doesn't seem to work, so I'll fix this.
[security] fix Studio-42#3458 filename bypass leading to RCE on Windows server
41ebea8
Windows servers do not allow "." (Dots) at the end of a file name.
69be51e
nao-pon
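The extension check discussed in this thread, as an added example that is not elFinder's code or the committed fix: the function names, the blocked-extension list and the sample names are assumptions. It compares a check made on the raw name with one made on the name a Windows server will actually store, where trailing dots and spaces are dropped.

```php
<?php
// Added example, not elFinder code. Function names and the deny list are assumptions.
const BLOCKED_EXT = ['php', 'phtml', 'phar'];

// Extension of the name exactly as the client sent it.
// For "shell.php.." the text after the last dot is empty, so this returns "".
function rawExtension(string $name): string
{
    return strtolower(pathinfo($name, PATHINFO_EXTENSION));
}

// Name as a Windows filesystem stores it: trailing dots and spaces are removed.
function storedName(string $name): string
{
    return rtrim($name, ". ");
}

// Weak check: looks only at the raw name, so "shell.php.." passes.
function allowedNaive(string $name): bool
{
    return !in_array(rawExtension($name), BLOCKED_EXT, true);
}

// Hardened check: refuse any name that normalisation would change, then test
// the extension of the name that will really exist on disk.
function allowedHardened(string $name): bool
{
    $stored = storedName($name);
    if ($stored === '' || $stored !== $name) {
        return false;
    }
    return !in_array(rawExtension($stored), BLOCKED_EXT, true);
}

// Constructed sample names, checked both ways.
foreach (['notes.txt', 'shell.php', 'shell.php..', 'shell.php. '] as $name) {
    printf(
        "%-14s stored=%-10s naive=%s hardened=%s\n",
        var_export($name, true),
        storedName($name),
        allowedNaive($name) ? 'allow' : 'deny',
        allowedHardened($name) ? 'allow' : 'deny'
    );
}
```

The same normalisation has to run on every path that sets a name (upload, rename, copy, archive extraction), since a check on only one of them leaves the others open.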
Describe the bug
Filename bypass leading to Remote Code Execution
To Reproduce
Steps to reproduce the behavior:
a<?php phpinfo();?> named shell.php. Note: the letter 'a' at the beginning of the content cannot be omitted.
shell.php..
files/shell.php