
Upload_Bypass_v3.0.3-dev

@sAjibuu sAjibuu released this 27 Feb 22:33
· 34 commits to main since this release
d61970f

What's Changed

Updates of version 3.0.3:

  1. Added 2 new modules:
  • Stripping Extension:
    Servers might strip forbidden extensions from the filename; for example, .php is removed. The program therefore tries to upload filename.p.phphp, which becomes filename.php once .php is stripped.

  • Discrepancy:
    URL encoding (or double URL encoding) of dots. If the value isn't decoded when the file extension is validated, but is later decoded server-side, files that would otherwise be blocked can be uploaded. Ex: exploit%2Ephp (Front-end) = exploit.php (Back-end)

  2. Code is fixed and optimized.
  3. Fixed rate limiting issue.
  4. Fixed a bug in the code and fixed the trailing dot in the file extensions.
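
From the server side, both new modules probe the same class of validation flaw: a filter that rewrites or checks a different string than the one finally stored. The sketch below is an added example, not code from Upload_Bypass; the function names and the deny/allow lists are assumptions made for illustration. It puts a single-pass stripping filter next to a validator that decodes to a fixed point and rejects instead of stripping.

```python
import posixpath
from urllib.parse import unquote

BLOCKED = (".php", ".phtml", ".phar")   # constructed deny list for the flawed filter
ALLOWED = {".png", ".jpg", ".pdf"}      # constructed allow list for the hardened check

def naive_strip(name: str) -> str:
    """Flawed: removes blocked extensions in one pass and keeps the remainder."""
    for ext in BLOCKED:
        name = name.replace(ext, "")
    return name

def canonical_name(raw: str, max_rounds: int = 5) -> str:
    """Percent-decode until the value stops changing, so the string that is
    validated is the same string any later layer would see."""
    name = raw
    for _ in range(max_rounds):
        decoded = unquote(name)
        if decoded == name:
            return name
        name = decoded
    raise ValueError("filename still encoded after repeated decoding")

def validate_upload_name(raw: str) -> str:
    """Return the canonical filename to store, or raise ValueError.
    Nothing is stripped or repaired: a name that fails the check is rejected."""
    name = posixpath.basename(canonical_name(raw).replace("\\", "/"))
    stem, ext = posixpath.splitext(name)
    if not stem or ext.lower() not in ALLOWED:
        raise ValueError(f"rejected upload name: {raw!r}")
    return name

def is_accepted(raw: str) -> bool:
    try:
        validate_upload_name(raw)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample inputs, taken from the two module descriptions above.
    for sample in ("filename.p.phphp", "exploit%2Ephp", "exploit%252Ephp", "report%2Epdf"):
        print(f"{sample!r:22} naive_strip -> {naive_strip(sample)!r:18} accepted={is_accepted(sample)}")
```

Store the file under the value `validate_upload_name` returns rather than the raw request value, so no later component decodes it again.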

Full Changelog: v3.0.2#dev...v3.0.3#dev