phpMyAdmin 4.8.x LFI to RCE -- encoding not required #1
I had no other way of contacting you so I thought I'd add something in here.
In this post regarding the LFI in phpMyAdmin, you mention the following:
When reading the source this line confused me because the check didn't seem to rely on encoding at first, and the file system inclusion doesn't care about question marks anyway.
In short, you don't need to encode twice, or even once. The exploit appears to work without encoding at all, or with a single round.
I thought I'd share so that perhaps you can update the post. I think the mention of double-encoding makes understanding the issue a little more confusing.
Hi @OJ,
Sorry, I think we need a double-encoding %253f. I run the environment on my Windows machine.
when I just enter
Only when I use the double-encoding, the
I run the php code
So I think on Windows we need double-encoding %253f; on Linux we don't need encoding.
Please give me a lot of advice.
Thanks @m3lon . I got a reference: https://docs.microsoft.com/en-us/windows/desktop/FileIO/naming-a-file
The (?) question mark is one of the reserved characters in Windows, so a path that contains '?' is considered an invalid path in Windows.
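Added example (not code from this thread or from phpMyAdmin): a simplified PHP model of a whitelist check that validates only the part of the parameter before `?`, with one extra `urldecode()` pass, next to a strict exact-match check. The whitelist entry, function names and sample values are constructed, and the structure of the check is an assumption made for illustration.

```php
<?php
// Added example: simplified model, not phpMyAdmin's code.
// ALLOWED and its single entry are constructed placeholders.
const ALLOWED = ['allowed.php'];

// Part of $s before the first '?' (the whole string if there is none).
function beforeQuery(string $s): string
{
    return substr($s, 0, strpos($s . '?', '?'));
}

// Prefix-style check (assumed structure): accepts when the text before '?'
// is allowed, either as received or after one extra urldecode() pass.
function prefixCheck(string $page): bool
{
    return in_array($page, ALLOWED, true)
        || in_array(beforeQuery($page), ALLOWED, true)
        || in_array(beforeQuery(urldecode($page)), ALLOWED, true);
}

// Strict check: the whole value must be an allowed entry.
function strictCheck(string $page): bool
{
    return in_array($page, ALLOWED, true);
}

// Constructed parameter values: '?' sent raw, encoded once, encoded twice.
$sent = ['allowed.php?x', 'allowed.php%3fx', 'allowed.php%253fx'];

foreach ($sent as $raw) {
    // PHP decodes request parameters once before the application sees them.
    $page = urldecode($raw);
    printf(
        "%-18s app sees %-16s prefix=%-5s strict=%-5s literal '?'=%s\n",
        $raw,
        $page,
        var_export(prefixCheck($page), true),
        var_export(strictCheck($page), true),
        var_export(strpos($page, '?') !== false, true)
    );
}
```

In this model all three values pass the prefix check and none passes the strict one; only the double-encoded value reaches the application without a literal `?` in the string, which is the case the Windows reply above describes.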