Apache
Apache
Last updated
Was this helpful?
Apache
Last updated
Was this helpful?
Following this excellent article on ways to bypass upload vulnerabilities
We can craft a .htaccess file to bypass uplaods:
└─$ cat .htaccess
AddType application/x-httpd-php .dork
This creates an entry for the upload directory with a new, custom filetype under the name `.dork`
Now we should be able to upload a shell with a .dork extension and be able to run PHP on the web server!