TRANSLATE

English French German Spain Italian Dutch Russian Portuguese Japanese Korean Arabic Chinese Simplified

Selasa, 16 Agustus 2011

PHP Arbitrary File Upload Simple Patching

saya akan membahas tentang cara simple mempatch PHP Arbitrary File Upload
















Kebanyakan website yang vuln diupload memiliki garis besar seperti ini:

Contoh simple upload.php file upload.




Contoh form yang dipake dalam file index untuk upload:

Select the file to upload:


Disini tidak ada code yang memfilter upload filetype.
Jadi kita bisa langsung saja upload: shell.php

Patching yg bisa dilakukan adalah menambahkan filter filetype dalam script upload.php
Contohnya:




Untuk “images/gif” bisa diganti dengan “images/jpg” dll…

Kita liat backgound request uploadnya

POST /upload.php HTTP/1.1 TE: deflate,gzip;q=0.3 Connection: TE, close Host: localhost User-Agent: libwww-perl/5.803 Content-Type: multipart/form-data; Content-Length: 156 Content-Disposition: form-data; name="userfile"; filename="shell.php" ... ... - HTTP/1.1 200 OK Date: Thu, 31 May 2007 13:54:01 GMT Server: Apache X-Powered-By: PHP/5.2.2-pl6-gentoo Connection: close Content-Type: text/html Sorry, we only allow uploading GIF images


happy
Patching..
....................................................................................


0 komentar:

Posting Komentar

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More