gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-12 07:40:34 -08:00
Code Issues Packages Projects Releases Wiki Activity

PrivEsc - sudoers + Upload PHP

Browse Source
This commit is contained in:
Swissky
2019-09-02 12:36:40 +02:00
parent 3ca07aeb7a
commit 2b1900e046
5 changed files with 36 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Upload Insecure Files/README.md
View File

@@ -54,8 +54,17 @@ Coldfusion: .cfm, .cfml, .cfc, .dbm
### Upload tricks
- Null byte (eg: shell.php%00.gif, shell.php%00.png), works well against `pathinfo()`
- Null byte (works well against `pathinfo()`)
* .php%00.gif
* .php\x00.gif
* .php%00.png
* .php\x00.png
* .php%00.jpg
* .php\x00.jpg
- Mime type, change `Content-Type : application/x-php` or `Content-Type : application/octet-stream` to `Content-Type : image/gif`
* `Content-Type : image/gif`
* `Content-Type : image/png`
* `Content-Type : image/jpeg`
### Picture upload with LFI