PHP Upfile FUZZ by evil0x00

View this thread on: hive.blog | peakd.com | ecency.com

cmd · @evil0x00 · Sep 11 '18

$0.05

PHP Upfile FUZZ

## <center>PHP Upfile FUZZ</center>

<center></center>![](https://cdn.steemitimages.com/DQmeTjbXCd1vaVvyQ9bGdEctB6Z9oQQXptXWGLEEV7v8zGn/image.png)

常见模式：

* 1． 直接上传[没有任何过滤]
* 2． 被动过滤[过滤不完全：php3 php4 asa cer …]
* 3． Content-Type
* 4． Null 截断
* 5． Apache 文件解析特性
* 6． PHP RFC1867 Vul
* 7． 后缀大小写规则

👍 root0x00, evil0x00, modemser

`author`	evil0x00
`permlink`	php-upfile-fuzz
`category`	cmd
`json_metadata`	{"tags":["cmd","cn","cn-reade","windows","technology"],"image":["https://cdn.steemitimages.com/DQmeTjbXCd1vaVvyQ9bGdEctB6Z9oQQXptXWGLEEV7v8zGn/image.png"],"app":"steemit/0.1","format":"markdown"}
`created`	2018-09-11 04:28:54
`last_update`	2018-09-11 04:28:54
`depth`	0
`children`	5
`last_payout`	2018-09-18 04:28:54
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.042 HBD
`curator_payout_value`	0.003 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	293
`author_reputation`	106,257,240,660
`root_title`	"PHP Upfile FUZZ"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	70,949,328
`net_rshares`	45,163,825,775
`author_curate_reward`	""

properties (23)vote details (3)

voter	rshares	pct
modemser	210,366,650	1%
evil0x00	18,164,500,908	100%
root0x00	26,788,958,217	100%

@root0x00 · Sep 11 '18

$0.05

求asp aspx审计教程

👍 root0x00, evil0x00

`author`	root0x00
`permlink`	re-evil0x00-php-upfile-fuzz-20180911t134255102z
`category`	cmd
`json_metadata`	{"tags":["cmd"],"app":"steemit/0.1"}
`created`	2018-09-11 13:42:57
`last_update`	2018-09-11 13:42:57
`depth`	1
`children`	4
`last_payout`	2018-09-18 13:42:57
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.043 HBD
`curator_payout_value`	0.002 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	13
`author_reputation`	75,627,896,971
`root_title`	"PHP Upfile FUZZ"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	70,987,172
`net_rshares`	44,663,113,811
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
evil0x00	0 B		18,441,117,673	100%
root0x00	0 B		26,221,996,138	100%

@evil0x00 · Sep 12 '18

$0.05

大佬 还要教程啊

👍 root0x00, evil0x00

`author`	evil0x00
`permlink`	re-root0x00-re-evil0x00-php-upfile-fuzz-20180912t022517238z
`category`	cmd
`json_metadata`	{"tags":["cmd"],"app":"steemit/0.1"}
`created`	2018-09-12 02:25:21
`last_update`	2018-09-12 02:25:21
`depth`	2
`children`	3
`last_payout`	2018-09-19 02:25:21
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.042 HBD
`curator_payout_value`	0.004 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	8
`author_reputation`	106,257,240,660
`root_title`	"PHP Upfile FUZZ"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	71,039,930
`net_rshares`	45,995,177,693
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
evil0x00	0 B		18,072,295,319	100%
root0x00	0 B		27,922,882,374	100%

@root0x00 · Sep 12 '18

$0.05

偶系渣渣辉

👍 root0x00, evil0x00

`author`	root0x00
`permlink`	re-evil0x00-re-root0x00-re-evil0x00-php-upfile-fuzz-20180912t144056968z
`category`	cmd
`json_metadata`	{"tags":["cmd"],"app":"steemit/0.1"}
`created`	2018-09-12 14:41:00
`last_update`	2018-09-12 14:41:00
`depth`	3
`children`	2
`last_payout`	2018-09-19 14:41:00
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.044 HBD
`curator_payout_value`	0.002 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	5
`author_reputation`	75,627,896,971
`root_title`	"PHP Upfile FUZZ"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	71,088,493
`net_rshares`	44,522,483,504
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
evil0x00	0 B		17,166,563,208	100%
root0x00	0 B		27,355,920,296	100%

2 replies