Skip to content

video not played or not found error
click on direct switch

Hosted by Dailymotion. For legal issues: Copyright Center · DMC · Instant Removal

PHP shell upload III

C
Carlos Sánchez Santos

1,139 Views • Dec 09, 2008

Description

A simple file upload HTML form with client side validation (javascript and actionscript). The dynamic action attribute of the form tag is received from the swf file depending on the file that is being uploaded.

We can decompile it for academic purposes.

Disabling javascript we block the information exchange and then, add the right action target by editing the HTML form.

Anyhow, an attacker doesn't need any HTML form to upload a file. It can be done, for example, using a Perl script.

(This is the bottom line of client side validation).