https://github.com/mukundan314/gci-file-upload-ace
https://github.com/mukundan314/gci-file-upload-ace
Last synced: about 1 month ago
JSON representation
- Host: GitHub
- URL: https://github.com/mukundan314/gci-file-upload-ace
- Owner: Mukundan314
- Created: 2020-01-03T15:52:13.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-01-03T15:52:27.000Z (over 5 years ago)
- Last Synced: 2025-01-31T11:50:02.289Z (3 months ago)
- Language: PHP
- Size: 9.77 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
## PHP code execution
If the server uses php and execution of php is not disabled for the uploads
directory then php code can be executed on the server just by uploading a php
file. this can be prevented by disallowing php execution on directory that
uploads are stored or by disallowing uploading of files with a .php extension
For example on apache php execution can be disabled for a directory by adding
something like the following to your apache config:
```
php_admin_value engine off
```
## File Modification
If the server joins paths without escaping the filename then any file on the
system can be overwritten if the server was run as root, this method can be
used to create cron jobs. allowing the attacker to run any code on the server.
sending sever files with `/` in their names with curl:
```
curl --form 'file=@local_filename;filename=../test' http://127.0.0.1:5000/upload
```