iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (0)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Bypassing .php Upload Filters (shells)
  • Xin
    Posts: 3,251
    Just a quick tutorial on how to bypass the .php file upload filters when uploading shells

    Method 1:
    Rename Shell to shell.php.jpg rather than shell.php
    It makes it look like an image but can still be execute in the URL.

    Method 2:
    Upload a simple uploader shell first that isnt detected by Antivirus and firewalls,

    Method 3:
    This method is more advanced and i found it the other day, this only works for client side filters rather than server side, but download firebug for firefox, then edit the html of the upload 

    <form enctype=\"multipart/form-data\" action=\"uploader.php\" method=\"POST\">
    Upload DRP File:
    <input name=\"Upload Saved Replay\" type=\"file\" accept=\"*.jpg\"/><br />
    <input type=\"submit\" value=\"Upload File\" />
    </form>


    Change the filter accapt. to *.* or just remove it completely , it will then let you upload any time of file.
    Xin
  • undead
    Posts: 822
    Nice tut xinapse!
  • Xin
    Posts: 3,251
    Thanks just a little mini one as i found that method the other day
    Xin
  • chroniccommand
    Posts: 1,389
    Well these don't always work. The site will have to have been coded by somebody who can't code PHP for his/her life.
  • Xin
    Posts: 3,251
    Yeah thats why i said client side apps only XD
    Xin
  • Bursihido
    Posts: 406
    nice tutorial bro :) thanks
  • BavarianDZ
    Posts: 12
    Well client side checks are used to make the site/forms more fluent rather than to secure it. Ex. check if username already does exist and tell you without having to submit the whole form and wait.

    Another method to bypass some server side checks is to edit the shell code and add at the beginning before the < GIF89;a.
    Also you could use an intercepting proxy like w3af,Burp proxy... and change the data type... works like a charm in many situations ;)
  • Xin
    Posts: 3,251
    said:


    Well client side checks are used to make the site/forms more fluent rather than to secure it. Ex. check if username already does exist and tell you without having to submit the whole form and wait.

    Another method to bypass some server side checks is to edit the shell code and add at the beginning before the < GIF89;a.
    Also you could use an intercepting proxy like w3af,Burp proxy... and change the data type... works like a charm in many situations ;)



    You should write a tut on it i havent heard of that method ;)
    Xin
Add a Comment