This topic contains 1 reply, has 2 voices, and was last updated by iamnemo___ 1 month ago.
- October 21, 2020 at 6:35 pm #321015
I have managed to upload a php webshell to a php server but the uploaded files are accessible using their database uuid.
What I mean is something like:
So there’s no actual extension. I was wondering if it was possible executing the php script given this url (in this case by passing `cmd=<command-here>`)
I have two options: `raw` returns the script in raw format (I can see the code) and `preview` gives a weird preview in image format (filename in a png).
I have tried dropping a `htaccess` file where I tried to execute images as php but nothing happened.
Any suggestions? thanks
- October 21, 2020 at 6:35 pm #321016
What’s the png? Does it take the file and transform it to a png? Or does it render the page then convert it to a png?
You must be logged in to reply to this topic.