Paid Advertising is
ha.ckers sla.cking
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
problem in upload a shell
Posted by: mpour
Date: July 18, 2012 02:42AM


few days ago i found a site that i could upload a file(jpg,....). i had to encode my shell code and then uploaded,because the site checks files and it can diagnose a content of files.
so I uploaded(by encoding my shell).now i don't know how i can use my there any way to bypass it?

Options: ReplyQuote
Re: problem in upload a shell
Posted by: infinity
Date: July 22, 2012 01:54PM


what do you mean by encoding? Something like putting the PHP code of a web shell in base64 encoded form into a GIF or JPEG image and upload that?

If it is supposed to be a pure image file upload, the uploaded files may be saved with an image file extension (like .gif or .jpg) on the server and they will not be parsed for PHP code by the server. An old trick, which really should not work anymore today, is to upload an .htaccess file through the image upload which changes the configuration of the server to treat files with a .gif file extension as PHP files.

If you cannot trick the server into executing the code included in your image file, you have only uploaded a weird image file.

Options: ReplyQuote

Sorry, only registered users may post in this forum.