Arrexel/phpbash

Bug when dealing with path names

20esaua opened this issue · 3 comments

https://github.com/Arrexel/phpbash/blob/master/phpbash.php#L12

Shouldn't this be:

function endsWith($haystack, $needle) {
    return strlen($needle) === 0 || (substr($haystack, -strlen($needle)) === $needle);
}

if(!endsWith($path, '/')) {
    $path .= '/';
}

?

Right now the code is:

if($path != '/') {
    $path .= '/';
}

If the path is /etc, it does not equal /, so it won't append the /. But if someone uploads a file, say screenshot.png, the final path it generates will be /etcscreenshot.png because /etc (the original path) did not end in /. However, if you simply check if the path ends in / (and if not, add a / after the path), it will always generate /etc/screenshot.png (which is what you want).

No, that is not correct.

$path is set only to the current working directory, which is received when sending a command via the pwd command. It is then properly set with

currentDir = parsedResponse[2].replace(new RegExp("/", "g"), "/");

Look further down at the getShellInfo() command.

Sorry for an amateur question. Will this work in Kali Linux?

@tommyyama2020 this is meant to be placed on any PHP-enabled web server; it does not run on your system. In a pentest, it is used mainly after gaining some kind of file upload or RCE on the target, as you need to be able to place the file on the server in some way. It is then accessed via web browser.