Results 1 to 2 of 2

Thread: uploaded php shell

  1. #1
    Just burned his ISO
    Join Date
    Jan 2011
    Posts
    1

    Question uploaded php shell

    I'm trying to learn web app penetration testing. I've got a windows xp virtual machine that allows the HTTP PUT method but filters php files. So I used curl to upload "shell.php%00.jpg" and that worked fine. The problem I'm having now is manipulating the values in the url. Shell.php is just a simple request to cmd. So in the url I'm trying to set the cmd value to ipconfig.

    Browsing to the url gives this:
    http://xxx.xxx.xx.xxx/shell.php%00.jpg

    And the page says: "Bad Request (Invalid URL)"

    Then if I try to modify the url to:
    http://xxx.xxx.xx.xxx/shell.php?cmd=ipconfig%00....

    I get a page not found error.

    I know I'm close, I just can't seem to get this last step to work.

    Anyone know what I'm missing?
    Thanks

  2. #2
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default Re: uploaded php shell

    Access the server and check how the file is called on it.
    Tiocfaidh ár lá

Similar Threads

  1. Integrated Shell
    By Amlord1 in forum Tool Requests
    Replies: 2
    Last Post: 06-04-2010, 09:40 PM
  2. Scripting a shell inside a shell?
    By MAD Industries in forum Beginners Forum
    Replies: 1
    Last Post: 04-03-2010, 09:11 AM
  3. VNC Shell not working in BT4
    By Isohump in forum OLD BackTrack 4 Bugs and Fixes
    Replies: 8
    Last Post: 11-11-2009, 01:08 PM
  4. Shell question
    By pieface in forum OLD Newbie Area
    Replies: 4
    Last Post: 01-25-2009, 11:18 AM
  5. I have a shell
    By BigMac in forum OLD Newbie Area
    Replies: 1
    Last Post: 07-01-2008, 10:20 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •