|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 62
Members: 0
Total: 62
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Hacking upload scripts |
|
Posted: Mon Aug 03, 2009 8:39 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
So I've been thinking of a way to hack upload scripts, was wondering if anyone knows if changing the Content-Type of a file would make it possible to get around a simple Content-Type check?
For example if the server checks for types like "application/octet-stream" to filter out people uploading php files, one could just change the type to something they do accept? Would this let you upload your code and run it?
Lastly, how does one change the Content-Type in php. I've briefly looked at it but not sure how I would apply it to be able to upload files. Perhaps if I use libcurl? |
|
|
|
|
www.waraxe.us Forum Index -> Remote file inclusion
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|