I assume that it is a mis-configuration of the server. It is pre-processed, where the server takes the PHP bits and evaluates them, adding the output to the data returned as part of the HTTP response packets.

But it seems that the server runs it if it is a php file. What I expect is that what is under the uploads folder is just downloaded without considering what type it is. It may, e.g., be a REST address without any corresponding files for it. The server then handles it and returns the answer. When we put something in the address bar and press go, a GET request is sent. I don’t think this is a correct explanation. However, that is not a misconfiguration; php is behaving exactly as it said: Sometimes through directory traversal it is possible to interact with executables directly.

But yes, for a php file the execution is handled by php on the server. It would also depend on what is being called. I assume that it is a mis-configuration of the server.

As I said, it is a gross oversimplification of what happens; however, for a visual example it provides a good enough representation at a basic level. But it seems that the server runs it if it is a php file. Really what I am getting at is that a webserver is no different than your machine or mine. That's kind of a simple explanation; Taz alludes to reasons files will not execute, but it gives you the gist of it. You are making calls to the file in both instances, just one is being done remotely. Likewise, going to /uploads/?.php would execute your shell. If you were to go into your terminal and type /bin/python3