Collaborate Disseminate
So I found a file uploader on example.com. The file uploader accepts every file extension and the file is uploaded inside the directory
/temp/random-numeric-id.php
I tried to upload a php file and it got uploaded, however w… Continue reading How can I inject real php code into this website?
when i am trying to upload a file on target device my session will shown these error ” Error running command upload: Errno::ENOENT No such file or directory @ rb_file_s_stat – desktop/script.sh what is the solution for these … Continue reading uploading error [on hold]
I was able to bypass file upload restriction on an application. I uploaded a dummy php file on the server, I found the URL where it is on the server by looking at the response but it didn’t executed. It showed me the source c… Continue reading Is there any file extension which executes by itself or is considered malicious even if its at server?
I just wanted to know if its possible…
If i have an image i.e abc.jpeg and i rename it to an XSS vector such as <img src=x onerror=alert(1)>.jpeg will it successfully produce the XSS or is there actually another way t… Continue reading Is it possible to get XSS through uploading an image via the filename?
Say you have a website which takes file uploads of a certain type and places them in a subdirectory (let’s call it “videos”) in the web root.
I have heard from various sources that trusting uploaded files is never safe, beca… Continue reading Is storing files under a web server root unsafe if it is handled by PHP and blocked by the web server site configuration file?
How to exploit a file upload which is taking multiple files and create a zip file for download ?
I recently built a Downloads Manager that will debut though before I do so I want to know what file extensions I should explicitly disallow from being accepted?
Running LAMP/WAMP the most obvious I’ve come up with since the … Continue reading File extensions that should NOT be allowed to be uploaded
After uploading a shell to a .net site (.aspx extensions) and get it to work, is there any way to execute a command through that shell to prevent the upload of any other shell?
Continue reading How to lock IIS server files through a shell?
I have a follow up question on this answer about executing image files as php. The answer explains that nginx support virtual directories. One can run
www.something.com/blan.php/one/two/3
and one/two/3 will be virtual sub… Continue reading How can nginx run a file with jpg extension as a php file?
I’m modifying an ASPNET MVC 5 web site and a requirement is to allow users to upload an XML and PDF file.
The XML file will be used to layout text on the PDF based on variables coming from within the system.
I have a schema for the XML … Continue reading Risks of allowing users to upload PDF and XML files to be stored/retrieved from a DB (ASPNET MVC 5)