From 1d6b34ace59266fab7d7d2946ea1c918e03babd6 Mon Sep 17 00:00:00 2001 From: Meatballs1 Date: Fri, 14 Dec 2018 00:02:58 +0000 Subject: [PATCH] Create README.md --- Upload insecure files/Busybox httpd.conf/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 Upload insecure files/Busybox httpd.conf/README.md diff --git a/Upload insecure files/Busybox httpd.conf/README.md b/Upload insecure files/Busybox httpd.conf/README.md new file mode 100644 index 0000000..67f71a6 --- /dev/null +++ b/Upload insecure files/Busybox httpd.conf/README.md @@ -0,0 +1,11 @@ +If you have upload access to a non /cgi-bin folder - upload a httpd.conf and configure your own interpreter. + +Details from Busybox httpd.c + +https://github.com/brgl/busybox/blob/abbf17abccbf832365d9acf1c280369ba7d5f8b2/networking/httpd.c#L60 + +> *.php:/path/php # run xxx.php through an interpreter` + +> If a sub directory contains config file, it is parsed and merged with any existing settings as if it was appended to the original configuration. + +Watch out for Windows CRLF line endings messing up your payload (you will just get 404 errors) - you cant see these in Burp :)