PHP
XenK, 2015-06-16 20:26:52

Shell via upload form?

The site has a form that uploads files with the .pdf extension to the hosting. Can an unscrupulous person upload a shell using this form?


2 answer(s)
Optimus, 2015-06-16
Pyan @marrk2

1. Forbid the execution of files in this folder (disable php execution, etc.)
2. Check not only the extension but also the mime-type
Then you are safe ;)

Chvalov, 2015-06-16
@Chvalov

Prohibit execution of scripts in the directory where *.pdf files are stored.
For Apache, this can be done simply with .htaccess:

php_flag engine 0
AddType "text/html" .php .cgi .pl .fcgi .fpl .phtml .shtml .php2 .php3 .php4 .php5 .asp .jsp
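
The server-side checks that both answers point to, as an added example that is not part of either answer: the extension and the content-detected MIME type are verified, and the file is stored under a server-generated name. The form field name `document`, the storage path `/var/uploads/pdf` (assumed to be outside the web root) and the 10 MiB limit are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler for a form field named "document".
// UPLOAD_DIR is an assumed location outside the web root.
const UPLOAD_DIR = '/var/uploads/pdf';
const MAX_BYTES  = 10 * 1024 * 1024; // assumed 10 MiB limit

function store_pdf_upload(array $file): string
{
    // Also rejects array-style (multi-file) fields, where 'error' is an array.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // Only accept a file PHP itself received in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Bad size');
    }
    // Extension check on the client-supplied name (necessary, not sufficient).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext !== 'pdf') {
        throw new RuntimeException('Only .pdf is accepted');
    }
    // MIME type detected from the file content, not $file['type'],
    // which is sent by the client and cannot be trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== 'application/pdf') {
        throw new RuntimeException('Content is not a PDF');
    }
    // Server-generated name: nothing from the client reaches the file system.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.pdf';
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($target, 0640); // no execute bit on stored uploads
    return $target;
}

if (isset($_FILES['document'])) {
    try {
        store_pdf_upload($_FILES['document']);
        echo 'Stored';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Rejected';
    }
}
```

Content detection looks only at the file's signature, so it complements the no-execution rule for the upload directory rather than replacing it.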
