GitHub Community
Seeking Assistance: Exploiting Potential Vulnerabilities in PHP File Upload #128784
Replies: 2 comments
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
The answer i was Looking For thank you my friend for all your information |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Select Topic Area
Question
Body
Hello,
I'm working with a PHP file upload script and I'm trying to understand potential vulnerabilities, specifically how to send a payload or exploit the script without actually needing to execute an uploaded file. Here is the PHP code I'm working with:
`php
'; echo ''; if( $_POST['_upl'] == "Upload" ) { if(@array($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'File Uploaded!!Copy code
'; } else { echo 'Fail To Upload File!!!
'; } } ` Goal: I want to understand if there's a way to inject a payload (like RCE or similar) through the existing form without requiring the uploaded file to be executed. Is there a known method to exploit this kind of PHP script without file execution? Ps: I'm not sure if this is the right place to ask. Also I'm new to this, so please don't judge
Beta Was this translation helpful? Give feedback.
All reactions