Dashboard Articles Playground Discussions More
Follow

[Help?] File upload vulnerability

jepwei
4 years ago

0

I’ve successfully uploaded a php file on a server I’m auditing. I’m also able to locate the file. However, the PHP file does not execute when I go to the URL, instead the file is downloaded.

Does this mean that my php file isn’t an executable on the server? How should I proceed?

2replies
3voices
216views
dimooz
4 years ago | edited 4 years ago

0

The server you’re auditing, does it run other websites correctly? your problem could come from a wrong server configuration, i.e. you didn’t activate the mod_php on an apache server. That could also come from a wrong file header (or encoding) that prevents the server to correctly run the content (i.e. the “content-type” header tag). Not sure that’s a “rights” issue, but you could also check what are the file properties and compare them to the one from another file that runs correctly on your server. I hope that helps.

 

Image

H4l3yQ
4 years ago

0

Can you check is the server run php or not? This problem might be simply because that server was not configured to run php, so it can not execute your php file.

You must be logged in to reply to this discussion. Login
1 of 3

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss