All Questions
5 questions
4
votes
2
answers
2k
views
How can nginx run a file with jpg extension as a php file?
I have a follow up question on this answer about executing image files as php. The answer explains that nginx support virtual directories. One can run
www.something.com/blan.php/one/two/3
and one/...
- 43
2
votes
0
answers
779
views
PHP Upload-show images securely [closed]
I've read various posts about how letting users to upload files can create vulnerabilities to your website such as a user injecting php code in an image.
So i've created a small test project where ...
- 121
4
votes
4
answers
901
views
Can valid PHP be written and executed in non-ascii character encodings?
I found a jpeg image on a server that contained the string <?php. The server also hosts an application written in PHP. The contents of the image that come after the string <?php are non-ascii.
...
- 452
0
votes
1
answer
5k
views
How exploiting RCE in jpg file actually works?
I am trying to learn how JPG and PNG files can be used to get RCE. Below is my code for uploading files. It will check if the file content type is correct.
<?php
$test = array('image/jpeg', '...
- 493
1
vote
1
answer
11k
views
Cookie stealing with Redirection
I am trying to steal cookies for learning purpose and for that I have setup an attacker server where my malicious website is running stealing cookies of users and it works when I visit like
http://...
- 201