Web - Server

Friday 15 June 2018, 23:58  #1
Web - Server File upload - null byte
am0123
am0123
  • 5 posts

Hello
I uploaded a gif image that includes a php code, but It seems that the server doesn’t send gif file to the php interpreter.
I tried to insert \x00 in the file name aa.php[X].gif but it didn’t work.
I tried to use the url null inside the filename, but no results. Any use of special characters results on the rejection of the uploaded file.
the suggested documentation doesn’t give any help to solve the problem.
any hints ?
Kind regards.

Saturday 16 June 2018, 14:05  #2
Web - Server File upload - null byte
Th1b4ud
Th1b4ud
  • 1636 posts

Search on internet what is null byte. You can also test with jpeg and png

Saturday 16 June 2018, 18:02  #3
Web - Server File upload - null byte
am0123
am0123
  • 5 posts

I followed that article http://www.madirish.net/401, but I didn’t get a result
Am I in the right way ?

Saturday 16 June 2018, 21:51  #4
Web - Server File upload - null byte
Th1b4ud
Th1b4ud
  • 1636 posts

There is nothing usefull in your doc. Read something else

Sunday 17 June 2018, 13:11  #5
Web - Server File upload - null byte
am0123
am0123
  • 5 posts

I did it ! it was easier than I expected.
Thank you :)

I’ve a question : is it normal that the file names with more the one dot are rejected ?

Saturday 14 December 2019, 22:13  #6
Web - Server File upload - null byte
vic_s
vic_s
  • 1 posts

I was stuck with bad request trying to access the uploaded file. Guess you can’t have certain characters in the file name

Tuesday 31 October 2023, 14:52  #7
Web - Server File upload - null byte
Gelassen
Gelassen
  • 3 posts

I was managed to upload php code with null byte technique ```./galerie/upload/75aa2ff0481cf05d8ab72d603fd591e9/php-shell-2.php%00.png```, but access to this url gives bad request error (400 code).

Do you have good suggestion for this case?

New reply New reply   New topic New topic