<?php phpinfo(): ?>
phpinfo()function is executed
<?php system('whoami'); ?>
.phpextension is blacklisted, what about
.php.jpgcan sometimes work, either when filenames are badly filtered and controlled, or when Apache HTTP servers are badly configured. On Apache servers, when files have multiple extensions, each extension is mapped either to a MIME type or to a handler. If one of the extensions is mapped to a handler, the requested file will be interpreted with that handler. Consequently, if the
.phpextension is mapped to a PHP handler in the Apache configuration, a filename with multiple extensions will always be interpreted as a PHP file when requested if one of the extensions is
.php\x00.jpg) (this as been fixed in PHP 5.3.4), or a separator like
.asp;.jpg(IIS6 and prior). The file will then be uploaded with the
.phpextension and it will possible to request it and make the server interpret its content.
.p.phphpthat might be changed to
.phpafter going through some flawed protections
.php.giffile with a valid header by writing
GIF89aat the beginning of the file like the following example.
getimagesize()function sometimes used as a file type detection function without additional protections.