Update tools/upload.php #26

Merged
merged 1 commit into from

2 participants

@SleepIT

Verify user is logged in before uploading files to prevent remote code execution (http://packetstormsecurity.org/files/117070/projectpier-exec.txt)

I'm positive there is a better way to accomplish this but this is what I'm using in the interim.

@SleepIT SleepIT Update tools/upload.php
09ec28b
@SleepIT

After more review, I can't even find where this file is used. Unless I'm wrong, it should be removed.

@phpfreak phpfreak merged commit 790dc0a into from
Commits on Oct 24, 2012
  1. @SleepIT

    Update tools/upload.php

    SleepIT authored
Showing with 20 additions and 14 deletions.
  1. +20 −14 tools/upload.php
34 tools/upload.php
@@ -1,20 +1,26 @@
-<?php ?><html>
+<?php
+if (isset($_COOKIE['pp088pp_']))
+{
+echo "<html>
<body>
-
-<form action="upload_file.php" method="post"
-enctype="multipart/form-data">
-<label for="folder">Folder:</label>
-<input type="text" name="folder" id="folder" />
+<form action=\"upload_file.php\" method=\"post\"
+enctype=\"multipart/form-data\">
+<label for=\"folder\">Folder:</label>
+<input type=\"text\" name=\"folder\" id=\"folder\" />
<br />
-<label for="file">Filename:</label>
-<input type="file" name="file" id="file" />
+<label for=\"file\">Filename:</label>
+<input type=\"file\" name=\"file\" id=\"file\" />
<br />
-<label for="part">Part:</label>
-<input type="text" name="part" id="part" />
+<label for=\"part\">Part:</label>
+<input type=\"text\" name=\"part\" id=\"part\" />
<br />
-<input type="submit" name="submit" value="Submit" />
+<input type=\"submit\" name=\"submit\" value=\"Submit\" />
</form>
-
</body>
-</html>
-<?php ?>
+</html>";
+}
+else
+{
+header("Location: /index.php");
+}
+?>
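Review bot: The guard at the top of the new file, `if (isset($_COOKIE['pp088pp_']))`, only tests that a cookie with that name is present in the request. Cookies are supplied by the client, so a request carrying a `pp088pp_` cookie with any value passes the check without a valid login. Please replace it with the application's server-side session or login check instead of a cookie-presence test, and avoid hard-coding the cookie name, which looks installation-specific. Also note that the form still posts to `upload_file.php`, which this diff does not touch: hiding the form does not restrict who can POST to that handler, so the same server-side check needs to be in the script that receives the file. Minor: add `exit;` after `header("Location: /index.php");` so that any code later appended to this file cannot run for unauthenticated requests, and consider keeping the HTML outside PHP rather than in one escaped `echo` string, which is harder to read and maintain.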