admin/PayloadsAllTHINGS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Syntax Highlighting SSTI

Browse Source
This commit is contained in:
Swissky
2025-11-15 17:11:42 +01:00
parent 5c0ee4c6d9
commit 832b54fd95
4 changed files with 30 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Upload Insecure Files/README.md
View File

@@ -102,6 +102,7 @@ Other extensions that can be abused to trigger other vulnerabilities.
* Right to Left Override (RTLO): `name.%E2%80%AEphp.jpg` will became `name.gpj.php`.
* Slash: `file.php/`, `file.php.\`, `file.j\sp`, `file.j/sp`
* Multiple special characters: `file.jsp/././././.`
* UTF8 filename: `Content-Disposition: form-data; name="anyBodyParam"; filename*=UTF8''myfile%0a.txt`
* On Windows OS, `include`, `require` and `require_once` functions will convert "foo.php" followed by one or more of the chars `\x20` ( ), `\x22` ("), `\x2E` (.), `\x3C` (<), `\x3E` (>) back to "foo.php".
* On Windows OS, `fopen` function will convert "foo.php" followed by one or more of the chars `\x2E` (.), `\x2F` (/), `\x5C` (\) back to "foo.php".