On Wed, 19 Feb 2020 at 16:42, Bishop Bettini wrote:
> On Wed, Feb 19, 2020 at 10:29 AM Craig Francis
> wrote:
>
>> On Wed, 19 Feb 2020 at 05:23, Bishop Bettini wrote:
>>
>>> On Sun, Feb 16, 2020 at 6:24 PM Craig Francis
>>> wrote:
>>>
Just to check, at the moment, if I was an evil hacker,
On Wed, Feb 19, 2020 at 10:29 AM Craig Francis
wrote:
> On Wed, 19 Feb 2020 at 05:23, Bishop Bettini wrote:
>
>> On Sun, Feb 16, 2020 at 6:24 PM Craig Francis
>> wrote:
>>
>>> Just to check, at the moment, if I was an evil hacker, and was to run:
>>>
>>> curl -F 'file=@example.jpg;filename=../.
On Wed, 19 Feb 2020 at 05:23, Bishop Bettini wrote:
> On Sun, Feb 16, 2020 at 6:24 PM Craig Francis
> wrote:
>
>> Just to check, at the moment, if I was an evil hacker, and was to run:
>>
>> curl -F 'file=@example.jpg;filename=../../../example.php' https://example.com/upload/
>>
>> The $_FILE
On Sun, Feb 16, 2020 at 6:24 PM Craig Francis
wrote:
> Just to check, at the moment, if I was an evil hacker, and was to run:
>
> curl -F 'file=@example.jpg;filename=../../../example.php' https://example.com/upload/
>
> The $_FILES['file']['name'] would be set to "example.php", where PHP has
>
Hi,

Just to check, at the moment, if I was an evil hacker, and was to run:

curl -F 'file=@example.jpg;filename=../../../example.php' https://example.com/upload/

The $_FILES['file']['name'] would be set to "example.php", where PHP has
removed the leading "../../../" (good to see).

Does that happ