uploaded php shell

[praemitto]

I'm trying to learn web app penetration testing. I've got a windows xp virtual machine that allows the HTTP PUT method but filters php files. So I used curl to upload "shell.php%00.jpg" and that worked fine. The problem I'm having now is manipulating the values in the url. Shell.php is just a simple request to cmd. So in the url I'm trying to set the cmd value to ipconfig.

Browsing to the url gives this:
http://xxx.xxx.xx.xxx/shell.php%00.jpg

And the page says: "Bad Request (Invalid URL)"

Then if I try to modify the url to:
http://xxx.xxx.xx.xxx/shell.php?cmd=ipconfig%00....

I get a page not found error.

I know I'm close, I just can't seem to get this last step to work.

Anyone know what I'm missing?
Thanks

[KMDave]

Access the server and check how the file is called on it.