Friday 1 March 2013

How To Upload A Shell In Web Applications

How To Upload A Shell In Web Applications

Most of the people will exploit servers with file upload vulnerability , as it is very simple to find out this exploit by an simple dork

inurl:upload.php or  inurl:upload.html
Now you have upload a shell file in the upload option. Normally upload option of an web Apps never accepts php files, as most of the shells are php.
In order to upload php shell in web apps follow these steps
  1. Rename the shell abc.php to abc.php.txt and upload that shell and run the /path/xyz.php.txt
  2. Rename the shell as abc.php.xyz which will bypass a simple filter on .php and Apache will still use .php as extension; since this configuration it doesn't have handler for .xyz
  3. Rename the shell as .php3 and upload it to server(web apps).
Posted by at
Labels: , ,

3 comments:

  1. Spam Leads1 July 2020 at 14:48

    Hey Guys !

    USA Fresh & Verified SSN Leads AVAILABLE with best connectivity
    All Leads have genuine & valid information

    **HEADERS IN LEADS**
    First Name | Last Name | SSN | Dob | DL Number |Address | State | City | Zip | Phone Number | Account Number | Bank Name

    *Price for SSN lead $2
    *You can ask for sample before any deal
    *If anyone buy in bulk, we can negotiate
    *Sampling is just for serious buyers

    ==>ACTIVE & FRESH CC FULLZ ALSO AVAILABLE<==
    ->$5 PER EACH

    ->Hope for the long term deal
    ->Interested buyers will be welcome

    **Contact 24/7**
    Whatsapp > +923172721122
    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete
  2. jane holly17 July 2020 at 20:28


    This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:

    -Phone hacks (remotely)
    -Credit repair
    -Bitcoin recovery (any cryptocurrency)
    -Make money from home (USA only)
    -Social media hacks
    -Website hacks
    -Erase criminal records (USA & Canada only)
    -Grade change

    Email: onlineghosthacker247@ gmail .com

    ReplyDelete
  3. No Name17 August 2020 at 16:50

    Hello Everyone !

    USA SSN Leads/Dead Fullz available, along with Driving License/ID Number with good connectivity.

    All SSN's are Tested & Verified.

    **DETAILS IN LEADS/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL
    ->EMPLOYEE DETAILS

    *Price for SSN lead $2
    *You can ask for sample before any deal
    *If you buy in bulk, will give you discount
    *Sampling is just for serious buyers

    ->Hope for the long term business
    ->You can buy for your specific states too

    **Contact 24/7**

    Whatsapp > +923172721122

    Email > leads.sellers1212@gmail.com

    Telegram > @leadsupplier

    ICQ > 752822040

    ReplyDelete

Subscribe to: Post Comments (Atom)