Re: Directory Traversal on File Upload




In regards to the .htaccess suggestion, I tried uploading my own one with the
following:

AllowOverride All
AddType application/x-httpd-php5 .htm .html .php .blog .comment .inc
DirectoryIndex try.php
Options +Indexes +MultiViews +FollowSymlinks
allow from all

but still no luck. I'm now questioning whether or not my file is actually
being uploaded too (it might just be a bug in the code that always says the
file has been uploaded). Even if i try to access a file that doesn't exist
such as "/thisfiledoesntexist.php" i still get the 502 error message which
is what is making me question whether the upload worked.

Could you elaborate more on how you would do your first suggestion. Because
this has crossed my mind I struggled to make it work. My javascript
injections didn't seem to work and i think this was because the form field
type is "file". And also, the file is local on my machine so is it meant to
look like "../C:/blah/blah/blah.php"?


Adam Mooz wrote:

Out of curiosity, have you tried setting the upload path to
"./../hostile.script", or "../hostile.script"? Or uploading your own
.htaccess file to override the noexec directive?


--
View this message in context: http://old.nabble.com/Directory-Traversal-on-File-Upload-tp32171687p32177175.html
Sent from the Penetration Testing mailing list archive at Nabble.com.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------