You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
1.login as admin
2.visit website setting
upload type add PHP (space)
because Windows will remove the space so by pass suffix check
3.upload a php file like name info.PHP
filename add a space
you can see upload success
4.visit the link
you can see php code was execute
becaue at data/httpfile/upload.class.php
you do not check the input filename
1.login as admin
2.visit website setting
upload type add PHP (space)
because Windows will remove the space so by pass suffix check
3.upload a php file like name info.PHP
filename add a space
you can see upload success
4.visit the link
you can see php code was execute
becaue at data/httpfile/upload.class.php
you do not check the input filename
so trim(filename) can help you
author by [email protected]
version 5.6
The text was updated successfully, but these errors were encountered: