Friday, 1 March 2013

How To Upload A Shell In Web Applications

How To Upload A Shell In Web Applications

Most of the people will exploit servers with file upload vulnerability , as it is very simple to find out this exploit by an simple dork

inurl:upload.php or  inurl:upload.html
Now you have upload a shell file in the upload option. Normally upload option of an web Apps never accepts php files, as most of the shells are php.
In order to upload php shell in web apps follow these steps
  1. Rename the shell abc.php to abc.php.txt and upload that shell and run the /path/xyz.php.txt
  2. Rename the shell as abc.php.xyz which will bypass a simple filter on .php and Apache will still use .php as extension; since this configuration it doesn't have handler for .xyz
  3. Rename the shell as .php3 and upload it to server(web apps).

No comments:

Post a Comment