php - accessing uploaded files from hosted website temp folder -
i learning "penetration testing of web server / websites". testing web server security following steps:
test 1: through inspect element tools added new form element
test 2: filled form elements exists , browse php file through injected input file tag, when submit form, submitted , uploaded file (sure uploaded file pitched in temp folder of website temp folder)
test 3: hanged here, because don't know how access php file uploaded step 2?
any idea appreciated. cooperation.
for uploaded file run directly browser imply temporary folder inside web root major security flaw not find frequently.
hopefully few people stupid enough change default configuration option put temporary files in web root.
Comments
Post a Comment